Join the Conversation

To sign in, use your existing MySonicWall account. To create a free MySonicWall account click "Register".


OID for VPN Stats / Status for Site-2-Site


I´m lookin for OIDs for VPN site-2-site status (Up/own) and VPN stats, like bytes in/out and errors for monitoring proposes in Zabbix ...

I did some research on internet and to this community, and what I got so far is:

VPN interface index is dynamically, thats mean is not possible to have system assigned statically the index;

There is not OIDs available for the requested parameters so far;

The status is the same for today ? In case does not exists, any forecast ?

Howw can I get status and stats via SNMP or CLI or another kind of access ?

Category: High End Firewalls


  • Options
    MitatOngeMitatOnge All-Knowing Sage ✭✭✭✭

    What is your firmware version? did you check snmp mib files on

  • Options
    kayalankayalan Newbie ✭


    SonicWALL TZ 300 (SonicOS Enhanced

    I checked those MIB files:


    without success ...

    what I found is show below ... but does not have any traffic stats and status ...

  • Options
    MitatOngeMitatOnge All-Knowing Sage ✭✭✭✭

    I didn't find vpn status oid. maybe you can create network monitor and check this probe session failur or successful

  • Options
    ArkwrightArkwright All-Knowing Sage ✭✭✭✭

    If you use a numbered VPN tunnel interface then you can get traffic stats on the interface BUT in some firmware versions it only shows stats for one direction [can't remember if it's TX or RX]. This is more usable than the "normal" VPN tunnels, as the ifIndex is fixed.

    For other types of VPN the stats do increment but because the index is dynamic, Zabbix does not handle this very well. I think you would have to write some kind of handler for this to pre-process it before passing to Zabbix, otherwise you will end up a new "interface" every time the VPN re-keys, and when the tunnel is down there is simply no entry for it [as if it were deleted], rather than an entry that shows as Down.

    SONICWALL-FIREWALL-IP-STATISTICS-MIB::sonicSAStatCreateTime.2217233172 = STRING: 12/07/2022 08:43:40

    SONICWALL-FIREWALL-IP-STATISTICS-MIB::sonicSAStatCreateTime.3534238860 = STRING: 12/07/2022 10:29:45

    SONICWALL-FIREWALL-IP-STATISTICS-MIB::sonicSAStatEncryptPktCount.2217233172 = Counter32: 5938

    SONICWALL-FIREWALL-IP-STATISTICS-MIB::sonicSAStatEncryptPktCount.3534238860 = Counter32: 0

    SONICWALL-FIREWALL-IP-STATISTICS-MIB::sonicSAStatEncryptByteCount.2217233172 = Counter32: 1303627

    SONICWALL-FIREWALL-IP-STATISTICS-MIB::sonicSAStatEncryptByteCount.3534238860 = Counter32: 0

    SONICWALL-FIREWALL-IP-STATISTICS-MIB::sonicSAStatDecryptPktCount.2217233172 = Counter32: 5240

    SONICWALL-FIREWALL-IP-STATISTICS-MIB::sonicSAStatDecryptPktCount.3534238860 = Counter32: 0

    SONICWALL-FIREWALL-IP-STATISTICS-MIB::sonicSAStatDecryptByteCount.2217233172 = Counter32: 1227600

    SONICWALL-FIREWALL-IP-STATISTICS-MIB::sonicSAStatDecryptByteCount.3534238860 = Counter32: 0

  • Options
    kayalankayalan Newbie ✭


    tks for your inputs ... it was very helpfull ... I think there is not explicit OID for what I need ... Like other firewalls that I worked, it handles as regular interface in the system, therefore I can et all info needed via regular RFC1213 ...

    My goal i very simple, Get trafic TX/RX and VPN status up/down ....

    I´ll need create somehow one script or something else to get this info ....

    May be I can use the sonicSAStatDecryptByteCount and sonicSAStatEncryptByteCount OIDs as reference, but I understand this is the payload, without IPSec overheads .... Am I correct ?

  • Options
    ArkwrightArkwright All-Knowing Sage ✭✭✭✭
    edited December 2022

    You aren't going to get the VPN status, you would have to infer that from whether it's present or not :/

    I think you can get the firewall to send an SNMP trap on tunnel up/down events.

    From the CLI you could try parsing the output of 'show vpn tunnels'. The format is not particularly machine-friendly. I tried 'cli format out json' as I assumed it would do the obvious [as Zabbix supports JSONPath queries]. But it didn't format the output as JSON, of course :D

Sign In or Register to comment.