SONICWALL-FIREWALL-TRAP-MIB MIBS&OIDS not available
sukur55
Newbie ✭
Hello dear community, we are planning to create nagios checks for monitoring SonicWall firewall High Availability status. the only related SNMP information I have found is amoung FIREWALL-TRAP-MIB and but not getting any response with these MIBS/OIDS. I know base OID for tree is like "1.3.6.1.4.1.8741.1.1" but it returns nothing with snmpwalk , so nothing available under this tree. Anyone can explain reason?
Category: High End Firewalls
0
Answers
Because it's not implemented, unfortunately. An OID for trapping won't necessarily work for polling.
We monitor HA state transitions by polling the OID for the serial number of the virtual IP and then raise an alert if it changes since last poll. It's not perfect but it lets us know when something has happened.
You can also configure logging system to send emails on "firewall has transitioned to Active" events.
You will be glad to see that you find out the IP addresses of 168 unconfigured syslog servers, so there's that :D
SONICWALL-FIREWALL-IP-STATISTICS-MIB::sonicSyslogServerAddr.1 = IpAddress: 0.0.0.0
SONICWALL-FIREWALL-IP-STATISTICS-MIB::sonicSyslogServerAddr.2 = IpAddress: 0.0.0.0
SONICWALL-FIREWALL-IP-STATISTICS-MIB::sonicSyslogServerAddr.3 = IpAddress: 0.0.0.0
SONICWALL-FIREWALL-IP-STATISTICS-MIB::sonicSyslogServerAddr.4 = IpAddress: 0.0.0.0
etc
We monitor HA state transitions by polling the OID for the serial number of the virtual IP and then raise an alert if it changes since last poll. It's not perfect but it lets us know when something has happened
this part is interesting probably I can also use it? can you explain in detail a bit.
Not really much more detail to give, tbh. Monitor value of
SNWL-COMMON-MIB::snwlSysSerialNumber.0
If it ever changes, then there was an HA transition.
Obviously, would be great if there was an OID you could poll that explicitly says if it's active or standby, but there isn't.
Reading these posts, I take the opportunity to consult them since they have active-active configuration, if they know the command to pass via cli from one node to another. Thanks partners!
I should clarify my previous reply,
Monitor value of SNWL-COMMON-MIB::snwlSysSerialNumber.0
on the virtual IP address, not the individual management IPs!
I have implemented the suggestion, above, for a NSa3650 pair.
snmpget -c password -v 2c IPofSonicWall iso.3.6.1.4.1.8741.2.1.1.2.0
iso.3.6.1.4.1.8741.2.1.1.2.0 = STRING: "A1B2C3D4E5F6"
The snmpget command, above returns the serial number of the SonicWall. The response is shown after the query. I compare the string to the serial number of the primary and secondary device to know which is active.
The algorithm was found empirically. I did a snmpwalk of the device and noticed that the serial number string changed when the secondary device became the active firewall.