SNMP MIB Files SW-SMI.MIB - any development?

BWC

Hi,

in 2009 Mike renamed the SW-SMI.MIB file to SONICWALL-SMI.MIB, but the old file is still in the archive which comes accompanying with firmware releases. Can anyone of the SNWL fellows maybe forward this to the SNMP guys?

But more importantly, is there any development for the SNMP subsystem? There were no changes for years, but I guess there is some demand for having it extended? First things that come into my mind are VPN monitoring and ARP entries (for populating a NAC) and gathering of license expiration dates would be great.

I know RFE yada yada yada, but maybe the lack of SNMP functionality is already addressed.

--Michael@BWC

shiprasahu93

Hello Michael@BWC ,

I already see the following RFEs in place.

1. OIDs for Tunnel Interface VPN status change - DEV Review
2. MIB which includes expiration dates - PM review
3. ARP table over SNMP (already available)

So, it looks like the back end team is already on this. Unfortunately, I do not have ETA but they are already being worked upon. So, we should be able to see these in the future releases.

Thanks!

shiprasahu93

Hello Michael@BWC,

I just wanted to share what I usually use for VPN status and ARP entries. I am sure that there are some developments regarding SNMP but unfortunately, I do not have the list of changes with me.

VPN traps:

I usually set the host and SNMP trap community

Then once the VPN status changes, a trap is automatically sent.

ARP entries:

The RFC1213-MIB is very useful which is a standard across many platforms.

I am using a free SNMP tool, so forgive me for the way this looks. 😅 Also, license expiration details would be actually really helpful! I will try to check internally if something is available or in the road map.

I hope this is helpful! Thanks!

shiprasahu93

Hello Michael@BWC ,

I just wanted to share the ones that I use for VPN status and ARP entries. I am sure that there are changes on SNMP subsystem but unfortunately I do not have the changes with me.

VPN status:

I usually set the host IP and the trap community name.

Then once the VPN status changes, I receive a trap on my tool.

ARP entries:

RFC1213-MIB is very useful for this. It is a standard across many platforms.

I am using a free SNMP tool, so forgive me for how it looks 😅 The information related to license expiration would be really helpful. I will check internally to see if we have something already or in road map for the same.

I hope this is useful! Thanks!!

BWC

Hi @shiprasahu93

thanks, this was some great information to do more research on that. I wasn't even checking for a newer version, but is there a possibility that sometimes in Gen6 the arp cache was made available via SNMP?

I'am able to gather the information via IP-MIB::ipNetToMediaPhysAddress.<ifIndex> - something even the NAC vendor we work with just not seems to know. In the past (still valid for Gen5) the arp cache was extracted via SSH.

UPDATE: If you try to get the values for Interface X0 (ifIndex 0) you need to add the Option -Ir to your snmpget/snmpwalk command or you'll end in an Index out of range error.

The SNMP traps for the VPN monitoring are fine, but we are monitoring external appliances and don't wanna expose our snmpd, for that matter polling would be preferred.

--Michael@BWC

shiprasahu93

Hello Michael@BWC ,

I am trying to connect with someone to get more information on this matter. I will update once I have more data.

Thanks!!

BWC

Hi @shiprasahu93

thanks for checking, now we are getting in an area where the community pays off :)

--Michael@BWC

shiprasahu93

😁 Glad I could help! I am big fan of SonicWall Community too! When you ask questions, I learn more. Thanks!!