Check Point monitoring and integration with 龙虎赌博

Dostupná ?别?别苍í

Check Point Next Generation Firewall by SNMP
3rd party solutions

This template is for 龙虎赌博 version: 7.2

Also available for: 7.0 6.4 6.0

Source:

Check Point Next Generation Firewall by SNMP

Overview

This template is designed for the effortless deployment of Check Point Next Generation Firewall monitoring by 龙虎赌博 via SNMP and doesn't require any external scripts.

Requirements

龙虎赌博 version: 7.2 and higher.

Tested versions

This template has been tested on:

Check Point 4800 Appliance Next Generation Firewall

Configuration

龙虎赌博 should be configured according to the instructions in the Templates out of the box section.

Setup

Refer to vendor .

Macros used

Name	Description	Default
{$CPU.UTIL.CRIT}	Threshold of CPU utilization for the Warning trigger in %.	`90`
{$LOAD_AVG_PER_CPU.MAX.WARN}	Load per CPU considered sustainable. Change if needed.	`1.5`
{$ICMP_LOSS_WARN}	Threshold of ICMP packet loss for the Warning trigger in %.	`20`
{$ICMP_RESPONSE_TIME_WARN}	Threshold of average ICMP response time for the Warning trigger in seconds.	`0.15`
{$SNMP.TIMEOUT}	Time interval for the SNMP availability trigger.	`5m`
{$MEMORY.UTIL.MAX}	Warning threshold for the item "Physical memory: Memory utilization".	`90`
{$FW.DROPPED.PACKETS.TH}	Used in Firewall discovery.	`0`
{$DISK.FREE.MIN.CRIT}	Critical threshold of disk space usage.	`5G`
{$DISK.FREE.MIN.WARN}	Warning threshold of disk space usage.	`10G`
{$DISK.PUSED.MAX.WARN}	Disk utilization threshold for Warning trigger in %.	`80`
{$DISK.PUSED.MAX.CRIT}	Disk utilization threshold for Critical trigger in %.	`90`
{$DISK.NAME.MATCHES}	Used in Storage discovery. Can be overridden on the host or linked template level.	`.+`
{$DISK.NAME.NOT_MATCHES}	Used in Storage discovery. Can be overridden on the host or linked template level.	`^(/dev\|/sys\|/run\|/proc\|.+/shm$)`
{$VPN.NAME.MATCHES}	Used in VPN discovery. Can be overridden on the host or linked template level.	`.*`
{$VPN.NAME.NOT_MATCHES}	Used in VPN discovery. Can be overridden on the host or linked template level.	`CHANGE_IF_NEEDED`
{$VPN.STATE.CONTROL}	Used in the "Tunnel down" trigger. Can be used with the interface name as context.	`1`
{$NET.IF.ERRORS.WARN}	Threshold of error packet rate for the Warning trigger. Can be used with the interface name as context.	`2`
{$NET.IF.UTIL.MAX}	Threshold of interface bandwidth utilization for the Warning trigger in %. Can be used with interface name as context.	`95`
{$NET.IF.CONTROL}	Macro for the interface operational state for the "Link down" trigger. Can be used with the interface name as context.	`1`
{$NET.IF.IFADMINSTATUS.MATCHES}	Used in Network interfaces discovery. Can be overridden on the host or linked template level.	`.*`
{$NET.IF.IFADMINSTATUS.NOT_MATCHES}	Used in Network interfaces discovery. Can be overridden on the host or linked template level.	`^2$`
{$NET.IF.IFDESCR.MATCHES}	Used in Network interfaces discovery. Can be overridden on the host or linked template level.	`.*`
{$NET.IF.IFDESCR.NOT_MATCHES}	Used in Network interfaces discovery. Can be overridden on the host or linked template level.	`CHANGE_IF_NEEDED`
{$NET.IF.IFNAME.MATCHES}	Used in Network interfaces discovery. Can be overridden on the host or linked template level.	`.*`
{$NET.IF.IFNAME.NOT_MATCHES}	Used in Network interfaces discovery. Can be overridden on the host or linked template level.	`CHANGE_IF_NEEDED`
{$NET.IF.IFOPERSTATUS.MATCHES}	Used in Network interfaces discovery. Can be overridden on the host or linked template level.	`.*`
{$NET.IF.IFOPERSTATUS.NOT_MATCHES}	Used in Network interfaces discovery. Can be overridden on the host or linked template level.	`^6$`
{$NET.IF.IFTYPE.MATCHES}	Used in Network interfaces discovery. Can be overridden on the host or linked template level.	`.*`
{$NET.IF.IFTYPE.NOT_MATCHES}	Used in Network interfaces discovery. Can be overridden on the host or linked template level.	`CHANGE_IF_NEEDED`
{$NET.IF.IFALIAS.MATCHES}	Used in Network interfaces discovery. Can be overridden on the host or linked template level.	`.*`
{$NET.IF.IFALIAS.NOT_MATCHES}	Used in Network interfaces discovery. Can be overridden on the host or linked template level.	`CHANGE_IF_NEEDED`
{$TEMP.NAME.MATCHES}	Used in Temperature discovery. Can be overridden on the host or linked template level.	`.*`
{$TEMP.NAME.NOT_MATCHES}	Used in Temperature discovery. Can be overridden on the host or linked template level.	`CHANGE_IF_NEEDED`
{$TEMP.VALUE.LOW}	Used in Temperature discovery. Can be overridden on the host or linked template level.	`5`
{$TEMP.VALUE.CRIT}	Used in Temperature discovery. Can be overridden on the host or linked template level.	`75`
{$TEMP.VALUE.WARN}	Used in Temperature discovery. Can be overridden on the host or linked template level.	`65`
{$VOLT.NAME.MATCHES}	Used in Voltage discovery. Can be overridden on the host or linked template level.	`.*`
{$VOLT.NAME.NOT_MATCHES}	Used in Voltage discovery. Can be overridden on the host or linked template level.	`CHANGE_IF_NEEDED`
{$SW.NAME.MATCHES}	Used in Software blade discovery. Can be overridden on the host or linked template level.	`.*`
{$SW.NAME.NOT_MATCHES}	Used in Software blade discovery. Can be overridden on the host or linked template level.	`CHANGE_IF_NEEDED`
{$LICENSE.EXPIRY.WARN}	Number of days until the license expires.	`7`
{$LICENSE.CONTROL}	Used in Software blade discovery. Can be overridden on the host or linked template level.	`1`

Items

Name	Description	Type	Key and additional info
Appliance product name	MIB: CHECKPOINT-MIB Appliance product name.	SNMP agent	system.hw.model Preprocessing Discard unchanged with heartbeat: `1d`
Appliance serial number	MIB: CHECKPOINT-MIB Appliance serial number.	SNMP agent	system.hw.serialnumber Preprocessing Discard unchanged with heartbeat: `1d`
Appliance manufacturer	MIB: CHECKPOINT-MIB Appliance manufacturer.	SNMP agent	system.hw.manufacturer Preprocessing Discard unchanged with heartbeat: `1d`
Remote Access users	MIB: CHECKPOINT-MIB Number of remote access users.	SNMP agent	remote.users.number Preprocessing JSON Path: `$.length()`
System contact details	MIB: SNMPv2-MIB Name and contact information of the contact person for the node. If not provided, the value is a zero-length string.	SNMP agent	system.contact Preprocessing Discard unchanged with heartbeat: `12h`
System description	MIB: SNMPv2-MIB Full name and version identification of the system's hardware type, software operating system, and networking software.	SNMP agent	system.descr Preprocessing Discard unchanged with heartbeat: `12h`
System location	MIB: SNMPv2-MIB Physical location of the node (e.g., `equipment room`, `3rd floor`). If not provided, the value is a zero-length string.	SNMP agent	system.location Preprocessing Discard unchanged with heartbeat: `12h`
System name	MIB: SNMPv2-MIB An administratively-assigned name for the node (the node's fully-qualified domain name). If not provided, the value is a zero-length string.	SNMP agent	system.name Preprocessing Discard unchanged with heartbeat: `12h`
System object ID	MIB: SNMPv2-MIB The vendor's authoritative identification of the entity as part of the vendor's SMI enterprises subtree with the prefix 1.3.6.1.4.1 (e.g., a vendor with the identifier 1.3.6.1.4.1.4242 might assign a system object with the OID 1.3.6.1.4.1.4242.1.1).	SNMP agent	system.objectid Preprocessing Discard unchanged with heartbeat: `12h`
System uptime	MIB: HOST-RESOURCES-V2-MIB Time since the network management portion of the system was last re-initialized.	SNMP agent	system.uptime Preprocessing Custom multiplier: `0.01`
Number of CPUs	MIB: CHECKPOINT-MIB Number of processors.	SNMP agent	system.cpu.num Preprocessing Discard unchanged with heartbeat: `1h`
CPU utilization	MIB: CHECKPOINT-MIB CPU utilization per core in %.	SNMP agent	system.cpu.util
Load average (1m avg)	MIB: UCD-SNMP-MIB Average number of processes being executed or waiting over the last minute.	SNMP agent	system.cpu.load.avg1
Load average (5m avg)	MIB: UCD-SNMP-MIB Average number of processes being executed or waiting over the last 5 minutes.	SNMP agent	system.cpu.load.avg5
Load average (15m avg)	MIB: UCD-SNMP-MIB Average number of processes being executed or waiting over the last 15 minutes.	SNMP agent	system.cpu.load.avg15
CPU user time	MIB: CHECKPOINT-MIB Average time the CPU has spent running user processes that are not niced.	SNMP agent	system.cpu.user
CPU system time	MIB: CHECKPOINT-MIB Average time the CPU has spent running the kernel and its processes.	SNMP agent	system.cpu.system
CPU idle time	MIB: CHECKPOINT-MIB Average time the CPU has spent doing nothing.	SNMP agent	system.cpu.idle
Context switches per second	MIB: UCD-SNMP-MIB Number of context switches per second.	SNMP agent	system.cpu.switches Preprocessing Change per second
CPU interrupts per second	MIB: CHECKPOINT-MIB Number of interrupts processed per second.	SNMP agent	system.cpu.intr
Total memory	MIB: CHECKPOINT-MIB Total real memory in bytes. Memory used by applications.	SNMP agent	vm.memory.total
Active memory	MIB: CHECKPOINT-MIB Active real memory (memory used by applications that is not cached to the disk) in bytes.	SNMP agent	vm.memory.active
Free memory	MIB: CHECKPOINT-MIB Free memory available for applications in bytes.	SNMP agent	vm.memory.free
Used memory	Used real memory calculated by total real memory and free real memory in bytes.	Calculated	vm.memory.used
Memory utilization	Memory utilization in %.	Calculated	vm.memory.util
Encrypted packets per second	MIB: CHECKPOINT-MIB Number of encrypted packets per second.	SNMP agent	vpn.packets.encrypted Preprocessing Change per second
Decrypted packets per second	MIB: CHECKPOINT-MIB Number of decrypted packets per second.	SNMP agent	vpn.packets.decrypted Preprocessing Change per second
ICMP ping	Host accessibility by ICMP. 0 - ICMP ping fails. 1 - ICMP ping successful.	Simple check	icmpping
ICMP loss	Percentage of lost packets.	Simple check	icmppingloss
ICMP response time	ICMP ping response time (in seconds).	Simple check	icmppingsec
SNMP agent availability	Availability of SNMP checks on the host. The value of this item corresponds to the availability icons in the host list. Possible values: 0 - not available 1 - available 2 - unknown	龙虎赌博 internal	zabbix[host,snmp,available]
SNMP traps (fallback)	Used to collect all SNMP traps unmatched by other `snmptrap` items.	SNMP trap	snmptrap.fallback
SNMP walk network interfaces	Used for discovering interfaces from IF-MIB.	SNMP agent	net.if.walk
SNMP walk CPU	Used for discovering CPU from CHECKPOINT-MIB.	SNMP agent	system.cpu.walk
SNMP walk VPN tunnels	Used for discovering VPN tunnels from CHECKPOINT-MIB.	SNMP agent	vpn.tunnel.walk
SNMP walk disks	Used for discovering storage disks from CHECKPOINT-MIB.	SNMP agent	vfs.fs.walk
SNMP walk temperature sensors	Used for discovering temperature sensors from CHECKPOINT-MIB.	SNMP agent	sensor.temp.walk
SNMP walk fan sensors	Used for discovering fan sensors from CHECKPOINT-MIB.	SNMP agent	sensor.fan.walk
SNMP walk voltage sensors	Used for discovering voltage sensors from CHECKPOINT-MIB.	SNMP agent	sensor.volt.walk
SNMP walk PSU sensors	Used for discovering power supply sensors from CHECKPOINT-MIB.	SNMP agent	sensor.psu.walk
SNMP walk svn features	Used for discovering software blades and features from CHECKPOINT-MIB.	SNMP agent	svn.feature.walk

Triggers

Name	Description	Expression	Severity	Dependencies and additional info
Check Point: Device has been replaced	The device serial number has changed. Acknowledge to close the problem manually.	`last(/Check Point Next Generation Firewall by SNMP/system.hw.serialnumber,#1)<>last(/Check Point Next Generation Firewall by SNMP/system.hw.serialnumber,#2) and length(last(/Check Point Next Generation Firewall by SNMP/system.hw.serialnumber))>0`	Info	Manual close: Yes
Check Point: System name has changed	The name of the system has changed. Acknowledge to close the problem manually.	`last(/Check Point Next Generation Firewall by SNMP/system.name,#1)<>last(/Check Point Next Generation Firewall by SNMP/system.name,#2) and length(last(/Check Point Next Generation Firewall by SNMP/system.name))>0`	Info	Manual close: Yes
Check Point: Device has been restarted	Uptime is less than 10 minutes.	`last(/Check Point Next Generation Firewall by SNMP/system.uptime)<10m`	Info	Manual close: Yes
Check Point: High CPU utilization	CPU utilization is too high. The system might be slow to respond.	`min(/Check Point Next Generation Firewall by SNMP/system.cpu.util,5m)>{$CPU.UTIL.CRIT}`	Warning
Check Point: Load average is too high	The load average per CPU is too high. The system may be slow to respond.	`min(/Check Point Next Generation Firewall by SNMP/system.cpu.load.avg1,5m)/last(/Check Point Next Generation Firewall by SNMP/system.cpu.num)>{$LOAD_AVG_PER_CPU.MAX.WARN} and last(/Check Point Next Generation Firewall by SNMP/system.cpu.load.avg5)>0 and last(/Check Point Next Generation Firewall by SNMP/system.cpu.load.avg15)>0`	Average
Check Point: High memory utilization	The system is running out of free memory.	`min(/Check Point Next Generation Firewall by SNMP/vm.memory.util,5m)>{$MEMORY.UTIL.MAX}`	Average
Check Point: Unavailable by ICMP ping	Last three attempts returned timeout. Please check device connectivity.	`max(/Check Point Next Generation Firewall by SNMP/icmpping,#3)=0`	High
Check Point: High ICMP ping loss	ICMP packet loss detected.	`min(/Check Point Next Generation Firewall by SNMP/icmppingloss,5m)>{$ICMP_LOSS_WARN} and min(/Check Point Next Generation Firewall by SNMP/icmppingloss,5m)<100`	Warning	Depends on: Check Point: Unavailable by ICMP ping
Check Point: High ICMP ping response time	Average ICMP response time is too high.	`avg(/Check Point Next Generation Firewall by SNMP/icmppingsec,5m)>{$ICMP_RESPONSE_TIME_WARN}`	Warning	Depends on: Check Point: Unavailable by ICMP ping Check Point: High ICMP ping loss
Check Point: No SNMP data collection	SNMP is not available for polling. Please check device connectivity and SNMP settings.	`max(/Check Point Next Generation Firewall by SNMP/zabbix[host,snmp,available],{$SNMP.TIMEOUT})=0`	Warning	Depends on: Check Point: Unavailable by ICMP ping

LLD rule Firewall discovery

Name Description Type Key and additional info

Firewall discovery

Name	Description	Type	Key and additional info
Firewall discovery	This discovery will create a set of firewall metrics from CHECKPOINT-MIB if the firewall is installed.	SNMP agent	fw.discovery Preprocessing JavaScript: `The text is too long. Please see the template.`

This discovery will create a set of firewall metrics from CHECKPOINT-MIB if the firewall is installed.

SNMP agent

fw.discovery

Preprocessing

JavaScript: The text is too long. Please see the template.

Item prototypes for Firewall discovery

Name	Description	Type	Key and additional info
Check Point Firewall: Firewall filter name{#SINGLETON}	MIB: CHECKPOINT-MIB Name of the firewall filter.	SNMP agent	fw.filter.name[fwFilterName.{#SNMPINDEX}] Preprocessing Discard unchanged with heartbeat: `1h`
Check Point Firewall: Firewall filter install time{#SINGLETON}	MIB: CHECKPOINT-MIB Last install time of the firewall filter.	SNMP agent	fw.filter.installed[fwFilterDate.{#SNMPINDEX}] Preprocessing JavaScript: `The text is too long. Please see the template.` Discard unchanged with heartbeat: `6h`
Check Point Firewall: Firewall version{#SINGLETON}	MIB: CHECKPOINT-MIB Current version of the firewall.	SNMP agent	fw.version[fwVersion.{#SNMPINDEX}] Preprocessing JavaScript: `The text is too long. Please see the template.` Discard unchanged with heartbeat: `1h`
Check Point Firewall: Accepted packets per second{#SINGLETON}	MIB: CHECKPOINT-MIB Number of accepted packets per second.	SNMP agent	fw.accepted[fwAccepted.{#SNMPINDEX}] Preprocessing Change per second
Check Point Firewall: Rejected packets per second{#SINGLETON}	MIB: CHECKPOINT-MIB Number of rejected packets per second.	SNMP agent	fw.rejected[fwRejected.{#SNMPINDEX}] Preprocessing Change per second
Check Point Firewall: Dropped packets per second{#SINGLETON}	MIB: CHECKPOINT-MIB Number of dropped packets per second.	SNMP agent	fw.dropped[fwDropped.{#SNMPINDEX}] Preprocessing Change per second
Check Point Firewall: Logged packets per second{#SINGLETON}	MIB: CHECKPOINT-MIB Number of logged packets per second.	SNMP agent	fw.logged[fwLogged.{#SNMPINDEX}] Preprocessing Change per second
Check Point Firewall: SIC Trust State{#SINGLETON}	MIB: CHECKPOINT-MIB Firewall SIC Trust State.	SNMP agent	fw.sic.trust.state[fwSICTrustState.{#SNMPINDEX}]
Check Point Firewall: Utilized drops number per second{#SINGLETON}	MIB: CHECKPOINT-MIB Number of dropped packets per second due to instance being fully utilized.	SNMP agent	fw.utilized.drops[fwFullyUtilizedDrops.{#SNMPINDEX}] Preprocessing Change per second
Check Point Firewall: Concurrent connections{#SINGLETON}	MIB: CHECKPOINT-MIB Number of concurrent IPv6 and IPv4 connections.	SNMP agent	fw.conn.num[fwNumConn.{#SNMPINDEX}]
Check Point Firewall: Peak concurrent connections{#SINGLETON}	MIB: CHECKPOINT-MIB Peak number of concurrent connections since last reboot.	SNMP agent	fw.conn.num.peak[fwPeakNumConn.{#SNMPINDEX}]

Trigger prototypes for Firewall discovery

Name	Description	Expression	Severity	Dependencies and additional info
Check Point Firewall: Instance is currently fully utilized	This trigger uses the number of dropped packets, an increase of which indicates that the instance is fully utilized.	`avg(/Check Point Next Generation Firewall by SNMP/fw.utilized.drops[fwFullyUtilizedDrops.{#SNMPINDEX}],5m)>{$FW.DROPPED.PACKETS.TH}`	High

LLD rule VPN discovery

Name Description Type Key and additional info

VPN discovery

Name	Description	Type	Key and additional info
VPN discovery	For discovering VPN tunnels from CHECKPOINT-MIB.	Dependent item	vpn.discovery Preprocessing SNMP walk to JSON Discard unchanged with heartbeat: `1h`

For discovering VPN tunnels from CHECKPOINT-MIB.

Dependent item

vpn.discovery

Preprocessing

SNMP walk to JSON
Discard unchanged with heartbeat: 1h

Item prototypes for VPN discovery

Name	Description	Type	Key and additional info
VPN {#VPN.NAME}: Peer IP address	MIB: CHECKPOINT-MIB VPN peer IP address.	Dependent item	vpn.tunnel.peer_ip[tunnelPeerIpAddr.{#SNMPINDEX}] Preprocessing SNMP walk value: `1.3.6.1.4.1.2620.500.9002.1.1.{#SNMPINDEX}` Discard unchanged with heartbeat: `6h`
VPN {#VPN.NAME}: Tunnel state	MIB: CHECKPOINT-MIB VPN tunnel state: 3 - active 4 - destroy 129 - idle 130 - phase1 131 - down 132 - init	Dependent item	vpn.tunnel.state[tunnelState.{#SNMPINDEX}] Preprocessing SNMP walk value: `1.3.6.1.4.1.2620.500.9002.1.3.{#SNMPINDEX}` Discard unchanged with heartbeat: `1h`
VPN {#VPN.NAME}: Community	MIB: CHECKPOINT-MIB VPN tunnel community.	Dependent item	vpn.tunnel.community[tunnelCommunity.{#SNMPINDEX}] Preprocessing SNMP walk value: `1.3.6.1.4.1.2620.500.9002.1.4.{#SNMPINDEX}` Discard unchanged with heartbeat: `6h`
VPN {#VPN.NAME}: Tunnel interface	MIB: CHECKPOINT-MIB VPN tunnel interface.	Dependent item	vpn.tunnel.netif[tunnelInterface.{#SNMPINDEX}] Preprocessing SNMP walk value: `1.3.6.1.4.1.2620.500.9002.1.6.{#SNMPINDEX}` Discard unchanged with heartbeat: `6h`
VPN {#VPN.NAME}: Source IP	MIB: CHECKPOINT-MIB Source IP address.	Dependent item	vpn.tunnel.src_ip[tunnelSourceIpAddr.{#SNMPINDEX}] Preprocessing SNMP walk value: `1.3.6.1.4.1.2620.500.9002.1.7.{#SNMPINDEX}` Discard unchanged with heartbeat: `6h`
VPN {#VPN.NAME}: Link priority	MIB: CHECKPOINT-MIB Link priority.	Dependent item	vpn.tunnel.priority[tunnelLinkPriority.{#SNMPINDEX}] Preprocessing SNMP walk value: `1.3.6.1.4.1.2620.500.9002.1.8.{#SNMPINDEX}` Discard unchanged with heartbeat: `1h`
VPN {#VPN.NAME}: Probing state	MIB: CHECKPOINT-MIB VPN tunnel probing state: 0 - unknown 1 - alive 2 - dead	Dependent item	vpn.tunnel.prob_state[tunnelProbState.{#SNMPINDEX}] Preprocessing SNMP walk value: `1.3.6.1.4.1.2620.500.9002.1.9.{#SNMPINDEX}`
VPN {#VPN.NAME}: Peer type	MIB: CHECKPOINT-MIB VPN peer type.	Dependent item	vpn.tunnel.peer_type[tunnelPeerType.{#SNMPINDEX}] Preprocessing SNMP walk value: `1.3.6.1.4.1.2620.500.9002.1.10.{#SNMPINDEX}` Discard unchanged with heartbeat: `1h`
VPN {#VPN.NAME}: Tunnel type	MIB: CHECKPOINT-MIB VPN tunnel type.	Dependent item	vpn.tunnel.type[tunnelType.{#SNMPINDEX}] Preprocessing SNMP walk value: `1.3.6.1.4.1.2620.500.9002.1.11.{#SNMPINDEX}` Discard unchanged with heartbeat: `1h`

Trigger prototypes for VPN discovery

Name	Description	Expression	Severity	Dependencies and additional info
Check Point: VPN {#VPN.NAME}: Tunnel down	This trigger expression works as follows: 1. It can be triggered if the current tunnel state is down. 2. `{$VPN.STATE.CONTROL:"{#VPN.NAME}"}=1` - a user can redefine the context macro to "0", marking this notification as not important. No new trigger will be fired if this tunnel is down.	`{$VPN.STATE.CONTROL:"{#VPN.NAME}"}=1 and last(/Check Point Next Generation Firewall by SNMP/vpn.tunnel.state[tunnelState.{#SNMPINDEX}])=131`	Average	Manual close: Yes

LLD rule CPU discovery

Name Description Type Key and additional info

CPU discovery

Name	Description	Type	Key and additional info
CPU discovery	For discovering CPU from CHECKPOINT-MIB.	Dependent item	cpu.discovery Preprocessing SNMP walk to JSON Discard unchanged with heartbeat: `1h`

For discovering CPU from CHECKPOINT-MIB.

Dependent item

cpu.discovery

Preprocessing

SNMP walk to JSON
Discard unchanged with heartbeat: 1h

Item prototypes for CPU discovery

Name	Description	Type	Key and additional info
CPU Core {#CPU.ID}: CPU user time	MIB: CHECKPOINT-MIB The time the CPU `{#CPU.ID}` has spent running user processes that are not niced.	Dependent item	system.core.user[multiProcUserTime.{#CPU.ID}] Preprocessing SNMP walk value: `1.3.6.1.4.1.2620.1.6.7.5.1.4.{#SNMPINDEX}`
CPU Core {#CPU.ID}: CPU system time	MIB: CHECKPOINT-MIB The time the CPU `{#CPU.ID}` has spent running the kernel and its processes.	Dependent item	system.core.system[multiProcSystemTime.{#CPU.ID}] Preprocessing SNMP walk value: `1.3.6.1.4.1.2620.1.6.7.5.1.3.{#SNMPINDEX}`
CPU Core {#CPU.ID}: CPU idle time	MIB: CHECKPOINT-MIB The time the CPU `{#CPU.ID}` has spent doing nothing.	Dependent item	system.core.idle[multiProcIdleTime.{#CPU.ID}] Preprocessing SNMP walk value: `1.3.6.1.4.1.2620.1.6.7.5.1.2.{#SNMPINDEX}`
CPU Core {#CPU.ID}: CPU utilization	MIB: CHECKPOINT-MIB CPU `{#CPU.ID}` utilization in %.	Dependent item	system.core.util[multiProcUsage.{#CPU.ID}] Preprocessing SNMP walk value: `1.3.6.1.4.1.2620.1.6.7.5.1.5.{#SNMPINDEX}`

LLD rule Storage discovery

Name Description Type Key and additional info

Storage discovery

Name	Description	Type	Key and additional info
Storage discovery	For discovering storage disks from CHECKPOINT-MIB.	Dependent item	vfs.fs.discovery Preprocessing SNMP walk to JSON Discard unchanged with heartbeat: `1h`

For discovering storage disks from CHECKPOINT-MIB.

Dependent item

vfs.fs.discovery

Preprocessing

SNMP walk to JSON
Discard unchanged with heartbeat: 1h

Item prototypes for Storage discovery

Name	Description	Type	Key and additional info
{#DISK.NAME}: Total disk space	MIB: CHECKPOINT-MIB Total disk size in bytes.	Dependent item	vfs.fs.total[multiDiskSize.{#SNMPINDEX}] Preprocessing SNMP walk value: `1.3.6.1.4.1.2620.1.6.7.6.1.3.{#SNMPINDEX}` Discard unchanged with heartbeat: `6h`
{#DISK.NAME}: Used disk space	MIB: CHECKPOINT-MIB Amount of disk used in bytes.	Dependent item	vfs.fs.used[multiDiskUsed.{#SNMPINDEX}] Preprocessing SNMP walk value: `1.3.6.1.4.1.2620.1.6.7.6.1.4.{#SNMPINDEX}`
{#DISK.NAME}: Free disk space	MIB: CHECKPOINT-MIB Free disk capacity in bytes.	Dependent item	vfs.fs.free[multiDiskFreeTotalBytes.{#SNMPINDEX}] Preprocessing SNMP walk value: `1.3.6.1.4.1.2620.1.6.7.6.1.5.{#SNMPINDEX}`
{#DISK.NAME}: Available disk space	MIB: CHECKPOINT-MIB Available free disk (not reserved by the OS) in bytes.	Dependent item	vfs.fs.avail[multiDiskFreeAvailableBytes.{#SNMPINDEX}] Preprocessing SNMP walk value: `1.3.6.1.4.1.2620.1.6.7.6.1.7.{#SNMPINDEX}`
{#DISK.NAME}: Disk space utilization	Space utilization calculated by the free percentage metric `multiDiskFreeTotalPercent`, expressed in %	Dependent item	vfs.fs.pused[multiDiskUsagePercent.{#SNMPINDEX}] Preprocessing SNMP walk value: `1.3.6.1.4.1.2620.1.6.7.6.1.6.{#SNMPINDEX}` JavaScript: `return 100 - Number(value);`

Trigger prototypes for Storage discovery

Name	Description	Expression	Severity	Dependencies and additional info
Check Point: {#DISK.NAME}: Disk space is critically low	Two conditions should match: 1. The first condition - utilization of the space should be above `{$DISK.PUSED.MAX.CRIT:"{#DISK.NAME}"}`. 2. The second condition should be one of the following: - the disk free space is less than `{$DISK.FREE.MIN.CRIT:"{#DISK.NAME}"}`; - the disk will be full in less than 24 hours.	`last(/Check Point Next Generation Firewall by SNMP/vfs.fs.pused[multiDiskUsagePercent.{#SNMPINDEX}])>{$DISK.PUSED.MAX.CRIT:"{#DISK.NAME}"} and (last(/Check Point Next Generation Firewall by SNMP/vfs.fs.total[multiDiskSize.{#SNMPINDEX}])-last(/Check Point Next Generation Firewall by SNMP/vfs.fs.used[multiDiskUsed.{#SNMPINDEX}]))<{$DISK.FREE.MIN.CRIT:"{#DISK.NAME}"}`	Average	Manual close: Yes
Check Point: {#DISK.NAME}: Disk space is low	Two conditions should match: 1. The first condition - utilization of the space should be above `{$DISK.PUSED.MAX.WARN:"{#DISK.NAME}"}`. 2. The second condition should be one of the following: - the disk free space is less than `{$DISK.FREE.MIN.WARN:"{#DISK.NAME}"}`; - the disk will be full in less than 24 hours.	`last(/Check Point Next Generation Firewall by SNMP/vfs.fs.pused[multiDiskUsagePercent.{#SNMPINDEX}])>{$DISK.PUSED.MAX.WARN:"{#DISK.NAME}"} and (last(/Check Point Next Generation Firewall by SNMP/vfs.fs.total[multiDiskSize.{#SNMPINDEX}])-last(/Check Point Next Generation Firewall by SNMP/vfs.fs.used[multiDiskUsed.{#SNMPINDEX}]))<{$DISK.FREE.MIN.WARN:"{#DISK.NAME}"}`	Warning	Manual close: Yes Depends on: Check Point: {#DISK.NAME}: Disk space is critically low

LLD rule Network interfaces discovery

Name Description Type Key and additional info

Network interfaces discovery

Name	Description	Type	Key and additional info
Network interfaces discovery	For discovering interfaces from IF-MIB.	Dependent item	net.if.discovery Preprocessing SNMP walk to JSON Discard unchanged with heartbeat: `1h`

For discovering interfaces from IF-MIB.

Dependent item

net.if.discovery

Preprocessing

SNMP walk to JSON
Discard unchanged with heartbeat: 1h

Item prototypes for Network interfaces discovery

Name	Description	Type	Key and additional info
Interface {#IFNAME}({#IFALIAS}): Operational status	MIB: IF-MIB The current operational state of the interface. - The `testing(3)` state indicates that no operational packets can be passed. - If `ifAdminStatus` is `down(2)`, then `ifOperStatus` should be `down(2)`. - If `ifAdminStatus` is changed to `up(1)`, then `ifOperStatus` should change to `up(1)` if the interface is ready to transmit and receive network traffic. - It should change to `dormant(5)` if the interface is waiting for external actions (such as a serial line waiting for an incoming connection). - It should remain in the `down(2)` state if and only if there is a fault that prevents it from going to the `up(1)` state. - It should remain in the `notPresent(6)` state if the interface has missing (typically, hardware) components.	Dependent item	net.if.status[ifOperStatus.{#SNMPINDEX}] Preprocessing SNMP walk value: `1.3.6.1.2.1.2.2.1.8.{#SNMPINDEX}`
Interface {#IFNAME}({#IFALIAS}): Bits received	MIB: IF-MIB The total number of octets received on the interface, including framing characters. This object is a 64-bit version of `ifInOctets`. Discontinuities in the value of this counter can occur at re-initialization of the management system and at other times as indicated by the value of `ifCounterDiscontinuityTime`.	Dependent item	net.if.in[ifInOctets.{#SNMPINDEX}] Preprocessing SNMP walk value: `1.3.6.1.2.1.31.1.1.1.6.{#SNMPINDEX}` Change per second Custom multiplier: `8`
Interface {#IFNAME}({#IFALIAS}): Bits sent	MIB: IF-MIB The total number of octets transmitted out of the interface, including framing characters. This object is a 64-bit version of `ifOutOctets`. Discontinuities in the value of this counter can occur at re-initialization of the management system and at other times as indicated by the value of `ifCounterDiscontinuityTime`.	Dependent item	net.if.out[ifOutOctets.{#SNMPINDEX}] Preprocessing SNMP walk value: `1.3.6.1.2.1.31.1.1.1.10.{#SNMPINDEX}` Change per second Custom multiplier: `8`
Interface {#IFNAME}({#IFALIAS}): Inbound packets with errors	MIB: IF-MIB For packet-oriented interfaces - the number of inbound packets that contained errors preventing them from being deliverable to a higher-layer protocol. For character-oriented or fixed-length interfaces - the number of inbound transmission units that contained errors preventing them from being deliverable to a higher-layer protocol. Discontinuities in the value of this counter can occur at re-initialization of the management system and at other times as indicated by the value of `ifCounterDiscontinuityTime`.	Dependent item	net.if.in.errors[ifInErrors.{#SNMPINDEX}] Preprocessing SNMP walk value: `1.3.6.1.2.1.2.2.1.14.{#SNMPINDEX}` Change per second
Interface {#IFNAME}({#IFALIAS}): Outbound packets with errors	MIB: IF-MIB For packet-oriented interfaces - the number of outbound packets that contained errors preventing them from being deliverable to a higher-layer protocol. For character-oriented or fixed-length interfaces - the number of outbound transmission units that contained errors preventing them from being deliverable to a higher-layer protocol. Discontinuities in the value of this counter can occur at re-initialization of the management system and at other times as indicated by the value of `ifCounterDiscontinuityTime`.	Dependent item	net.if.out.errors[ifOutErrors.{#SNMPINDEX}] Preprocessing SNMP walk value: `1.3.6.1.2.1.2.2.1.20.{#SNMPINDEX}` Change per second
Interface {#IFNAME}({#IFALIAS}): Outbound packets discarded	MIB: IF-MIB The number of outbound packets which were chosen to be discarded even though no errors had been detected to prevent their being deliverable to a higher-layer protocol. One possible reason for discarding such a packet could be to free up buffer space. Discontinuities in the value of this counter can occur at re-initialization of the management system, and at other times as indicated by the value of `ifCounterDiscontinuityTime`.	Dependent item	net.if.out.discards[ifOutDiscards.{#SNMPINDEX}] Preprocessing SNMP walk value: `1.3.6.1.2.1.2.2.1.19.{#SNMPINDEX}` Change per second
Interface {#IFNAME}({#IFALIAS}): Inbound packets discarded	MIB: IF-MIB The number of inbound packets which were chosen to be discarded even though no errors had been detected to prevent their being deliverable to a higher-layer protocol. One possible reason for discarding such a packet could be to free up buffer space. Discontinuities in the value of this counter can occur at re-initialization of the management system, and at other times as indicated by the value of `ifCounterDiscontinuityTime`.	Dependent item	net.if.in.discards[ifInDiscards.{#SNMPINDEX}] Preprocessing SNMP walk value: `1.3.6.1.2.1.2.2.1.13.{#SNMPINDEX}` Change per second
Interface {#IFNAME}({#IFALIAS}): Interface type	MIB: IF-MIB The type of interface. Additional values for `ifType` are assigned by the Internet Assigned Numbers Authority (IANA) through updating the syntax of the IANAifType textual convention.	Dependent item	net.if.type[ifType.{#SNMPINDEX}] Preprocessing SNMP walk value: `1.3.6.1.2.1.2.2.1.3.{#SNMPINDEX}` Discard unchanged with heartbeat: `1d`
Interface {#IFNAME}({#IFALIAS}): Speed	MIB: IF-MIB An estimate of the interface's current bandwidth in units of 1,000,000 bits per second. If this object reports a value of `n`, then the speed of the interface is somewhere in the range of `n-500,000` to `n+499,999`. For interfaces that do not vary in bandwidth or for those where no accurate estimation can be made, this object should contain the nominal bandwidth. For a sub-layer which has no concept of bandwidth, this object should be zero.	Dependent item	net.if.speed[ifSpeed.{#SNMPINDEX}] Preprocessing SNMP walk value: `1.3.6.1.2.1.31.1.1.1.15.{#SNMPINDEX}` Custom multiplier: `1000000` Discard unchanged with heartbeat: `1h`

Trigger prototypes for Network interfaces discovery

Name	Description	Expression	Severity	Dependencies and additional info
Check Point: Interface {#IFNAME}({#IFALIAS}): Link down	This trigger expression works as follows: 1. It can be triggered if the interface link status is down. 2. `{$NET.IF.CONTROL:"{#IFNAME}"}=1` - a user can redefine the context macro to "0", marking this interface as not important. No new trigger will be fired if this interface link is down. 3. `{TEMPLATE_NAME:METRIC.diff()}=1` - the trigger fires only if the interface link status was up to "1" sometime before. WARNING: If closed manually, it will not fire again on the next poll because of `diff`.	`{$NET.IF.CONTROL:"{#IFNAME}"}=1 and last(/Check Point Next Generation Firewall by SNMP/net.if.status[ifOperStatus.{#SNMPINDEX}])=2 and (last(/Check Point Next Generation Firewall by SNMP/net.if.status[ifOperStatus.{#SNMPINDEX}],#1)<>last(/Check Point Next Generation Firewall by SNMP/net.if.status[ifOperStatus.{#SNMPINDEX}],#2))`	Average	Manual close: Yes
Check Point: Interface {#IFNAME}({#IFALIAS}): High bandwidth usage	The utilization of the network interface is close to its estimated maximum bandwidth.	(avg(/Check Point Next Generation Firewall by SNMP/net.if.in[ifInOctets.{#SNMPINDEX}],15m)>({$NET.IF.UTIL.MAX:"{#IFNAME}"}/100)last(/Check Point Next Generation Firewall by SNMP/net.if.speed[ifSpeed.{#SNMPINDEX}]) or avg(/Check Point Next Generation Firewall by SNMP/net.if.out[ifOutOctets.{#SNMPINDEX}],15m)>({$NET.IF.UTIL.MAX:"{#IFNAME}"}/100)last(/Check Point Next Generation Firewall by SNMP/net.if.speed[ifSpeed.{#SNMPINDEX}])) and last(/Check Point Next Generation Firewall by SNMP/net.if.speed[ifSpeed.{#SNMPINDEX}])>0	Warning	Manual close: Yes Depends on: Check Point: Interface {#IFNAME}({#IFALIAS}): Link down
Check Point: Interface {#IFNAME}({#IFALIAS}): High error rate	It recovers when it is below 80% of the `{$NET.IF.ERRORS.WARN:"{#IFNAME}"}` threshold.	`min(/Check Point Next Generation Firewall by SNMP/net.if.in.errors[ifInErrors.{#SNMPINDEX}],5m)>{$NET.IF.ERRORS.WARN:"{#IFNAME}"} or min(/Check Point Next Generation Firewall by SNMP/net.if.out.errors[ifOutErrors.{#SNMPINDEX}],5m)>{$NET.IF.ERRORS.WARN:"{#IFNAME}"}`	Warning	Manual close: Yes Depends on: Check Point: Interface {#IFNAME}({#IFALIAS}): Link down
Check Point: Interface {#IFNAME}({#IFALIAS}): Ethernet has changed to lower speed than it was before	This Ethernet connection has transitioned down from its known maximum speed. This might be a sign of autonegotiation issues. Acknowledge to close the problem manually.	change(/Check Point Next Generation Firewall by SNMP/net.if.speed[ifSpeed.{#SNMPINDEX}])<0 and last(/Check Point Next Generation Firewall by SNMP/net.if.speed[ifSpeed.{#SNMPINDEX}])>0 and ( last(/Check Point Next Generation Firewall by SNMP/net.if.type[ifType.{#SNMPINDEX}])=6 or last(/Check Point Next Generation Firewall by SNMP/net.if.type[ifType.{#SNMPINDEX}])=7 or last(/Check Point Next Generation Firewall by SNMP/net.if.type[ifType.{#SNMPINDEX}])=11 or last(/Check Point Next Generation Firewall by SNMP/net.if.type[ifType.{#SNMPINDEX}])=62 or last(/Check Point Next Generation Firewall by SNMP/net.if.type[ifType.{#SNMPINDEX}])=69 or last(/Check Point Next Generation Firewall by SNMP/net.if.type[ifType.{#SNMPINDEX}])=117 ) and (last(/Check Point Next Generation Firewall by SNMP/net.if.status[ifOperStatus.{#SNMPINDEX}])<>2)	Info	Manual close: Yes Depends on: Check Point: Interface {#IFNAME}({#IFALIAS}): Link down

LLD rule Temperature discovery

Name Description Type Key and additional info

Temperature discovery

Name	Description	Type	Key and additional info
Temperature discovery	For discovering temperature sensors from CHECKPOINT-MIB.	Dependent item	temperature.discovery Preprocessing SNMP walk to JSON Discard unchanged with heartbeat: `1h`

For discovering temperature sensors from CHECKPOINT-MIB.

Dependent item

temperature.discovery

Preprocessing

SNMP walk to JSON
Discard unchanged with heartbeat: 1h

Item prototypes for Temperature discovery

Name Description Type Key and additional info

{#SENSOR.NAME}: Temperature

Name	Description	Type	Key and additional info
{#SENSOR.NAME}: Temperature	MIB: CHECKPOINT-MIB Current temperature reading in degrees Celsius from the hardware component's temperature sensor.	Dependent item	sensor.temp.value[tempertureSensorValue.{#SNMPINDEX}] Preprocessing SNMP walk value: `1.3.6.1.4.1.2620.1.6.7.8.1.1.3.{#SNMPINDEX}`

MIB: CHECKPOINT-MIB

Current temperature reading in degrees Celsius from the hardware component's temperature sensor.

Dependent item

sensor.temp.value[tempertureSensorValue.{#SNMPINDEX}]

Preprocessing

SNMP walk value: 1.3.6.1.4.1.2620.1.6.7.8.1.1.3.{#SNMPINDEX}

Trigger prototypes for Temperature discovery

Name	Description	Expression	Severity	Dependencies and additional info
Check Point: {#SENSOR.NAME}: Temperature is above critical threshold	This trigger uses temperature sensor values.	`avg(/Check Point Next Generation Firewall by SNMP/sensor.temp.value[tempertureSensorValue.{#SNMPINDEX}],5m)>{$TEMP.VALUE.CRIT:"{#SENSOR.NAME}"}`	High
Check Point: {#SENSOR.NAME}: Temperature is above warning threshold	This trigger uses temperature sensor values.	`avg(/Check Point Next Generation Firewall by SNMP/sensor.temp.value[tempertureSensorValue.{#SNMPINDEX}],5m)>{$TEMP.VALUE.WARN:"{#SENSOR.NAME}"}`	Warning	Depends on: Check Point: {#SENSOR.NAME}: Temperature is above critical threshold
Check Point: {#SENSOR.NAME}: Temperature is too low	This trigger uses temperature sensor values.	`avg(/Check Point Next Generation Firewall by SNMP/sensor.temp.value[tempertureSensorValue.{#SNMPINDEX}],5m)<{$TEMP.VALUE.LOW:"{#SENSOR.NAME}"}`	Average

LLD rule FAN discovery

Name Description Type Key and additional info

FAN discovery

Name	Description	Type	Key and additional info
FAN discovery	For discovering fan sensors from CHECKPOINT-MIB.	Dependent item	fan.discovery Preprocessing SNMP walk to JSON Discard unchanged with heartbeat: `1h`

For discovering fan sensors from CHECKPOINT-MIB.

Dependent item

fan.discovery

Preprocessing

SNMP walk to JSON
Discard unchanged with heartbeat: 1h

Item prototypes for FAN discovery

Name Description Type Key and additional info

FAN {#SNMPINDEX}: Fan status

Name	Description	Type	Key and additional info
FAN {#SNMPINDEX}: Fan status	MIB: CHECKPOINT-MIB Current status of the fan tray.	Dependent item	sensor.fan.status[fanSpeedSensorStatus.{#SNMPINDEX}] Preprocessing SNMP walk value: `1.3.6.1.4.1.2620.1.6.7.8.2.1.6.{#SNMPINDEX}`
FAN {#SNMPINDEX}: Fan speed	MIB: CHECKPOINT-MIB Current speed of the fan.	Dependent item	sensor.fan.speed[fanSpeedSensorValue.{#SNMPINDEX}] Preprocessing SNMP walk value: `1.3.6.1.4.1.2620.1.6.7.8.2.1.3.{#SNMPINDEX}`

MIB: CHECKPOINT-MIB

Current status of the fan tray.

Dependent item

sensor.fan.status[fanSpeedSensorStatus.{#SNMPINDEX}]

Preprocessing

SNMP walk value: 1.3.6.1.4.1.2620.1.6.7.8.2.1.6.{#SNMPINDEX}

FAN {#SNMPINDEX}: Fan speed

MIB: CHECKPOINT-MIB

Current speed of the fan.

Dependent item

sensor.fan.speed[fanSpeedSensorValue.{#SNMPINDEX}]

Preprocessing

SNMP walk value: 1.3.6.1.4.1.2620.1.6.7.8.2.1.3.{#SNMPINDEX}

Trigger prototypes for FAN discovery

Name	Description	Expression	Severity	Dependencies and additional info
Check Point: FAN {#SNMPINDEX}: Fan speed is out of range	Please check the fan unit.	`count(/Check Point Next Generation Firewall by SNMP/sensor.fan.status[fanSpeedSensorStatus.{#SNMPINDEX}],#3,"eq",1)=3`	Average

LLD rule Voltage discovery

Name Description Type Key and additional info

Voltage discovery

Name	Description	Type	Key and additional info
Voltage discovery	For discovering voltage sensors from CHECKPOINT-MIB.	Dependent item	voltage.discovery Preprocessing SNMP walk to JSON Discard unchanged with heartbeat: `1h`

For discovering voltage sensors from CHECKPOINT-MIB.

Dependent item

voltage.discovery

Preprocessing

SNMP walk to JSON
Discard unchanged with heartbeat: 1h

Item prototypes for Voltage discovery

Name Description Type Key and additional info

{#SENSOR.NAME}: Voltage value

Name	Description	Type	Key and additional info
{#SENSOR.NAME}: Voltage value	MIB: CHECKPOINT-MIB Most recent measurement obtained by the agent for this sensor.	Dependent item	sensor.volt.value[voltageSensorValue.{#SNMPINDEX}] Preprocessing SNMP walk value: `1.3.6.1.4.1.2620.1.6.7.8.3.1.3.{#SNMPINDEX}`

MIB: CHECKPOINT-MIB

Most recent measurement obtained by the agent for this sensor.

Dependent item

sensor.volt.value[voltageSensorValue.{#SNMPINDEX}]

Preprocessing

SNMP walk value: 1.3.6.1.4.1.2620.1.6.7.8.3.1.3.{#SNMPINDEX}

LLD rule PSU discovery

Name Description Type Key and additional info

PSU discovery

Name	Description	Type	Key and additional info
PSU discovery	For discovering power supply sensors from CHECKPOINT-MIB.	Dependent item	psu.discovery Preprocessing SNMP walk to JSON Discard unchanged with heartbeat: `1h`

For discovering power supply sensors from CHECKPOINT-MIB.

Dependent item

psu.discovery

Preprocessing

SNMP walk to JSON
Discard unchanged with heartbeat: 1h

Item prototypes for PSU discovery

Name Description Type Key and additional info

PSU {#SNMPINDEX}: Power supply status

Name	Description	Type	Key and additional info
PSU {#SNMPINDEX}: Power supply status	MIB: CHECKPOINT-MIB Power supply status.	Dependent item	sensor.psu.status[powerSupplyStatus.{#SNMPINDEX}] Preprocessing SNMP walk value: `1.3.6.1.4.1.2620.1.6.7.9.1.1.2.{#SNMPINDEX}` JavaScript: `The text is too long. Please see the template.` Discard unchanged with heartbeat: `1h`

MIB: CHECKPOINT-MIB

Power supply status.

Dependent item

sensor.psu.status[powerSupplyStatus.{#SNMPINDEX}]

Preprocessing

SNMP walk value: 1.3.6.1.4.1.2620.1.6.7.9.1.1.2.{#SNMPINDEX}
JavaScript: The text is too long. Please see the template.
Discard unchanged with heartbeat: 1h

Trigger prototypes for PSU discovery

Name	Description	Expression	Severity	Dependencies and additional info
Check Point: PSU {#SNMPINDEX}: Power supply is in down state	Please check the power supply unit for errors.	`count(/Check Point Next Generation Firewall by SNMP/sensor.psu.status[powerSupplyStatus.{#SNMPINDEX}],#3,"eq",1)=3`	Average

LLD rule Software blades discovery

Name Description Type Key and additional info

Software blades discovery

Name	Description	Type	Key and additional info
Software blades discovery	For discovering software blades and features from CHECKPOINT-MIB.	Dependent item	svn.sw.discovery Preprocessing SNMP walk to JSON Discard unchanged with heartbeat: `1h`

For discovering software blades and features from CHECKPOINT-MIB.

Dependent item

svn.sw.discovery

Preprocessing

SNMP walk to JSON
Discard unchanged with heartbeat: 1h

Item prototypes for Software blades discovery

Name	Description	Type	Key and additional info
{#SW.NAME}: License state	MIB: CHECKPOINT-MIB Current license state of the software blade.	Dependent item	svn.sw.license.state[licensingState.{#SNMPINDEX}] Preprocessing SNMP walk value: `1.3.6.1.4.1.2620.1.6.18.1.1.5.{#SNMPINDEX}` Discard unchanged with heartbeat: `6h`
{#SW.NAME}: License expiration date	MIB: CHECKPOINT-MIB Expiration date for the license of the software blade. Doesn't return a value if the license doesn't have an expiration date.	Dependent item	svn.sw.license.exp_date[licensingExpirationDate.{#SNMPINDEX}] Preprocessing SNMP walk value: `1.3.6.1.4.1.2620.1.6.18.1.1.6.{#SNMPINDEX}` Does not match regular expression: `^0$` ??Custom on fail: Discard value Discard unchanged with heartbeat: `6h`
{#SW.NAME}: Software blade status	MIB: CHECKPOINT-MIB Current software blade status.	Dependent item	svn.sw.status[licensingBladeActive.{#SNMPINDEX}] Preprocessing SNMP walk value: `1.3.6.1.4.1.2620.1.6.18.1.1.8.{#SNMPINDEX}` Discard unchanged with heartbeat: `1h`
{#SW.NAME}: License total quota	MIB: CHECKPOINT-MIB Total quota amount for the license of the software blade.	Dependent item	svn.sw.license.quota.total[licensingTotalQuota.{#SNMPINDEX}] Preprocessing SNMP walk value: `1.3.6.1.4.1.2620.1.6.18.1.1.9.{#SNMPINDEX}` Discard unchanged with heartbeat: `6h`
{#SW.NAME}: License used quota	MIB: CHECKPOINT-MIB Used quota amount for the license of the software blade.	Dependent item	svn.sw.license.quota.used[licensingUsedQuota.{#SNMPINDEX}] Preprocessing SNMP walk value: `1.3.6.1.4.1.2620.1.6.18.1.1.10.{#SNMPINDEX}` Discard unchanged with heartbeat: `1h`

Trigger prototypes for Software blades discovery

Name	Description	Expression	Severity	Dependencies and additional info
Check Point: {#SW.NAME}: License expires soon	This trigger expression works as follows: 1. It can be triggered if the license expires soon. 2. `{$LICENSE.CONTROL:"{#SW.NAME}"}=1` - a user can redefine the context macro to "0", marking the current license as not important. No new trigger will be fired if this license expires.	`{$LICENSE.CONTROL:"{#SW.NAME}"}=1 and (last(/Check Point Next Generation Firewall by SNMP/svn.sw.license.exp_date[licensingExpirationDate.{#SNMPINDEX}]) - now()) / 86400 < {$LICENSE.EXPIRY.WARN:"{#SW.NAME}"} and last(/Check Point Next Generation Firewall by SNMP/svn.sw.license.exp_date[licensingExpirationDate.{#SNMPINDEX}]) > now()`	Warning	Manual close: Yes
Check Point: {#SW.NAME}: License has been expired	This trigger expression works as follows: 1. It can be triggered if the license has been expired. 2. `{$LICENSE.CONTROL:"{#SW.NAME}"}=1` - a user can redefine the context macro to "0", marking the current license as not important. No new trigger will be fired if this license is expired.	`{$LICENSE.CONTROL:"{#SW.NAME}"}=1 and last(/Check Point Next Generation Firewall by SNMP/svn.sw.license.exp_date[licensingExpirationDate.{#SNMPINDEX}]) < now()`	Average	Manual close: Yes

Feedback

Please report any issues with the template at

You can also provide feedback, discuss the template, or ask for help at ZABBIX forums

This template is for 龙虎赌博 version: 7.0

Also available for: 7.2 6.4 6.0

Source:

Check Point Next Generation Firewall by SNMP

Overview

This template is designed for the effortless deployment of Check Point Next Generation Firewall monitoring by 龙虎赌博 via SNMP and doesn't require any external scripts.

Requirements

龙虎赌博 version: 7.0 and higher.

Tested versions

This template has been tested on:

Check Point 4800 Appliance Next Generation Firewall

Configuration

龙虎赌博 should be configured according to the instructions in the Templates out of the box section.

Setup

Refer to vendor .

Macros used

Name	Description	Default
{$CPU.UTIL.CRIT}	Threshold of CPU utilization for the Warning trigger in %.	`90`
{$LOAD_AVG_PER_CPU.MAX.WARN}	Load per CPU considered sustainable. Change if needed.	`1.5`
{$ICMP_LOSS_WARN}	Threshold of ICMP packet loss for the Warning trigger in %.	`20`
{$ICMP_RESPONSE_TIME_WARN}	Threshold of average ICMP response time for the Warning trigger in seconds.	`0.15`
{$SNMP.TIMEOUT}	Time interval for the SNMP availability trigger.	`5m`
{$MEMORY.UTIL.MAX}	Warning threshold for the item "Physical memory: Memory utilization".	`90`
{$FW.DROPPED.PACKETS.TH}	Used in Firewall discovery.	`0`
{$DISK.FREE.MIN.CRIT}	Critical threshold of disk space usage.	`5G`
{$DISK.FREE.MIN.WARN}	Warning threshold of disk space usage.	`10G`
{$DISK.PUSED.MAX.WARN}	Disk utilization threshold for Warning trigger in %.	`80`
{$DISK.PUSED.MAX.CRIT}	Disk utilization threshold for Critical trigger in %.	`90`
{$DISK.NAME.MATCHES}	Used in Storage discovery. Can be overridden on the host or linked template level.	`.+`
{$DISK.NAME.NOT_MATCHES}	Used in Storage discovery. Can be overridden on the host or linked template level.	`^(/dev\|/sys\|/run\|/proc\|.+/shm$)`
{$VPN.NAME.MATCHES}	Used in VPN discovery. Can be overridden on the host or linked template level.	`.*`
{$VPN.NAME.NOT_MATCHES}	Used in VPN discovery. Can be overridden on the host or linked template level.	`CHANGE_IF_NEEDED`
{$VPN.STATE.CONTROL}	Used in the "Tunnel down" trigger. Can be used with the interface name as context.	`1`
{$NET.IF.ERRORS.WARN}	Threshold of error packet rate for the Warning trigger. Can be used with the interface name as context.	`2`
{$NET.IF.UTIL.MAX}	Threshold of interface bandwidth utilization for the Warning trigger in %. Can be used with interface name as context.	`95`
{$NET.IF.CONTROL}	Macro for the interface operational state for the "Link down" trigger. Can be used with the interface name as context.	`1`
{$NET.IF.IFADMINSTATUS.MATCHES}	Used in Network interfaces discovery. Can be overridden on the host or linked template level.	`.*`
{$NET.IF.IFADMINSTATUS.NOT_MATCHES}	Used in Network interfaces discovery. Can be overridden on the host or linked template level.	`^2$`
{$NET.IF.IFDESCR.MATCHES}	Used in Network interfaces discovery. Can be overridden on the host or linked template level.	`.*`
{$NET.IF.IFDESCR.NOT_MATCHES}	Used in Network interfaces discovery. Can be overridden on the host or linked template level.	`CHANGE_IF_NEEDED`
{$NET.IF.IFNAME.MATCHES}	Used in Network interfaces discovery. Can be overridden on the host or linked template level.	`.*`
{$NET.IF.IFNAME.NOT_MATCHES}	Used in Network interfaces discovery. Can be overridden on the host or linked template level.	`CHANGE_IF_NEEDED`
{$NET.IF.IFOPERSTATUS.MATCHES}	Used in Network interfaces discovery. Can be overridden on the host or linked template level.	`.*`
{$NET.IF.IFOPERSTATUS.NOT_MATCHES}	Used in Network interfaces discovery. Can be overridden on the host or linked template level.	`^6$`
{$NET.IF.IFTYPE.MATCHES}	Used in Network interfaces discovery. Can be overridden on the host or linked template level.	`.*`
{$NET.IF.IFTYPE.NOT_MATCHES}	Used in Network interfaces discovery. Can be overridden on the host or linked template level.	`CHANGE_IF_NEEDED`
{$NET.IF.IFALIAS.MATCHES}	Used in Network interfaces discovery. Can be overridden on the host or linked template level.	`.*`
{$NET.IF.IFALIAS.NOT_MATCHES}	Used in Network interfaces discovery. Can be overridden on the host or linked template level.	`CHANGE_IF_NEEDED`
{$TEMP.NAME.MATCHES}	Used in Temperature discovery. Can be overridden on the host or linked template level.	`.*`
{$TEMP.NAME.NOT_MATCHES}	Used in Temperature discovery. Can be overridden on the host or linked template level.	`CHANGE_IF_NEEDED`
{$TEMP.VALUE.LOW}	Used in Temperature discovery. Can be overridden on the host or linked template level.	`5`
{$TEMP.VALUE.CRIT}	Used in Temperature discovery. Can be overridden on the host or linked template level.	`75`
{$TEMP.VALUE.WARN}	Used in Temperature discovery. Can be overridden on the host or linked template level.	`65`
{$VOLT.NAME.MATCHES}	Used in Voltage discovery. Can be overridden on the host or linked template level.	`.*`
{$VOLT.NAME.NOT_MATCHES}	Used in Voltage discovery. Can be overridden on the host or linked template level.	`CHANGE_IF_NEEDED`
{$SW.NAME.MATCHES}	Used in Software blade discovery. Can be overridden on the host or linked template level.	`.*`
{$SW.NAME.NOT_MATCHES}	Used in Software blade discovery. Can be overridden on the host or linked template level.	`CHANGE_IF_NEEDED`
{$LICENSE.EXPIRY.WARN}	Number of days until the license expires.	`7`
{$LICENSE.CONTROL}	Used in Software blade discovery. Can be overridden on the host or linked template level.	`1`

Items

Name	Description	Type	Key and additional info
Appliance product name	MIB: CHECKPOINT-MIB Appliance product name.	SNMP agent	system.hw.model Preprocessing Discard unchanged with heartbeat: `1d`
Appliance serial number	MIB: CHECKPOINT-MIB Appliance serial number.	SNMP agent	system.hw.serialnumber Preprocessing Discard unchanged with heartbeat: `1d`
Appliance manufacturer	MIB: CHECKPOINT-MIB Appliance manufacturer.	SNMP agent	system.hw.manufacturer Preprocessing Discard unchanged with heartbeat: `1d`
Remote Access users	MIB: CHECKPOINT-MIB Number of remote access users.	SNMP agent	remote.users.number Preprocessing JSON Path: `$.length()`
System contact details	MIB: SNMPv2-MIB Name and contact information of the contact person for the node. If not provided, the value is a zero-length string.	SNMP agent	system.contact Preprocessing Discard unchanged with heartbeat: `12h`
System description	MIB: SNMPv2-MIB Full name and version identification of the system's hardware type, software operating system, and networking software.	SNMP agent	system.descr Preprocessing Discard unchanged with heartbeat: `12h`
System location	MIB: SNMPv2-MIB Physical location of the node (e.g., `equipment room`, `3rd floor`). If not provided, the value is a zero-length string.	SNMP agent	system.location Preprocessing Discard unchanged with heartbeat: `12h`
System name	MIB: SNMPv2-MIB An administratively-assigned name for the node (the node's fully-qualified domain name). If not provided, the value is a zero-length string.	SNMP agent	system.name Preprocessing Discard unchanged with heartbeat: `12h`
System object ID	MIB: SNMPv2-MIB The vendor's authoritative identification of the entity as part of the vendor's SMI enterprises subtree with the prefix 1.3.6.1.4.1 (e.g., a vendor with the identifier 1.3.6.1.4.1.4242 might assign a system object with the OID 1.3.6.1.4.1.4242.1.1).	SNMP agent	system.objectid Preprocessing Discard unchanged with heartbeat: `12h`
System uptime	MIB: HOST-RESOURCES-V2-MIB Time since the network management portion of the system was last re-initialized.	SNMP agent	system.uptime Preprocessing Custom multiplier: `0.01`
Number of CPUs	MIB: CHECKPOINT-MIB Number of processors.	SNMP agent	system.cpu.num Preprocessing Discard unchanged with heartbeat: `1h`
CPU utilization	MIB: CHECKPOINT-MIB CPU utilization per core in %.	SNMP agent	system.cpu.util
Load average (1m avg)	MIB: UCD-SNMP-MIB Average number of processes being executed or waiting over the last minute.	SNMP agent	system.cpu.load.avg1
Load average (5m avg)	MIB: UCD-SNMP-MIB Average number of processes being executed or waiting over the last 5 minutes.	SNMP agent	system.cpu.load.avg5
Load average (15m avg)	MIB: UCD-SNMP-MIB Average number of processes being executed or waiting over the last 15 minutes.	SNMP agent	system.cpu.load.avg15
CPU user time	MIB: CHECKPOINT-MIB Average time the CPU has spent running user processes that are not niced.	SNMP agent	system.cpu.user
CPU system time	MIB: CHECKPOINT-MIB Average time the CPU has spent running the kernel and its processes.	SNMP agent	system.cpu.system
CPU idle time	MIB: CHECKPOINT-MIB Average time the CPU has spent doing nothing.	SNMP agent	system.cpu.idle
Context switches per second	MIB: UCD-SNMP-MIB Number of context switches per second.	SNMP agent	system.cpu.switches Preprocessing Change per second
CPU interrupts per second	MIB: CHECKPOINT-MIB Number of interrupts processed per second.	SNMP agent	system.cpu.intr
Total memory	MIB: CHECKPOINT-MIB Total real memory in bytes. Memory used by applications.	SNMP agent	vm.memory.total
Active memory	MIB: CHECKPOINT-MIB Active real memory (memory used by applications that is not cached to the disk) in bytes.	SNMP agent	vm.memory.active
Free memory	MIB: CHECKPOINT-MIB Free memory available for applications in bytes.	SNMP agent	vm.memory.free
Used memory	Used real memory calculated by total real memory and free real memory in bytes.	Calculated	vm.memory.used
Memory utilization	Memory utilization in %.	Calculated	vm.memory.util
Encrypted packets per second	MIB: CHECKPOINT-MIB Number of encrypted packets per second.	SNMP agent	vpn.packets.encrypted Preprocessing Change per second
Decrypted packets per second	MIB: CHECKPOINT-MIB Number of decrypted packets per second.	SNMP agent	vpn.packets.decrypted Preprocessing Change per second
ICMP ping	Host accessibility by ICMP. 0 - ICMP ping fails. 1 - ICMP ping successful.	Simple check	icmpping
ICMP loss	Percentage of lost packets.	Simple check	icmppingloss
ICMP response time	ICMP ping response time (in seconds).	Simple check	icmppingsec
SNMP agent availability	Availability of SNMP checks on the host. The value of this item corresponds to the availability icons in the host list. Possible values: 0 - not available 1 - available 2 - unknown	龙虎赌博 internal	zabbix[host,snmp,available]
SNMP traps (fallback)	Used to collect all SNMP traps unmatched by other `snmptrap` items.	SNMP trap	snmptrap.fallback
SNMP walk network interfaces	Used for discovering interfaces from IF-MIB.	SNMP agent	net.if.walk
SNMP walk CPU	Used for discovering CPU from CHECKPOINT-MIB.	SNMP agent	system.cpu.walk
SNMP walk VPN tunnels	Used for discovering VPN tunnels from CHECKPOINT-MIB.	SNMP agent	vpn.tunnel.walk
SNMP walk disks	Used for discovering storage disks from CHECKPOINT-MIB.	SNMP agent	vfs.fs.walk
SNMP walk temperature sensors	Used for discovering temperature sensors from CHECKPOINT-MIB.	SNMP agent	sensor.temp.walk
SNMP walk fan sensors	Used for discovering fan sensors from CHECKPOINT-MIB.	SNMP agent	sensor.fan.walk
SNMP walk voltage sensors	Used for discovering voltage sensors from CHECKPOINT-MIB.	SNMP agent	sensor.volt.walk
SNMP walk PSU sensors	Used for discovering power supply sensors from CHECKPOINT-MIB.	SNMP agent	sensor.psu.walk
SNMP walk svn features	Used for discovering software blades and features from CHECKPOINT-MIB.	SNMP agent	svn.feature.walk

Triggers

Name	Description	Expression	Severity	Dependencies and additional info
Check Point: Device has been replaced	The device serial number has changed. Acknowledge to close the problem manually.	`last(/Check Point Next Generation Firewall by SNMP/system.hw.serialnumber,#1)<>last(/Check Point Next Generation Firewall by SNMP/system.hw.serialnumber,#2) and length(last(/Check Point Next Generation Firewall by SNMP/system.hw.serialnumber))>0`	Info	Manual close: Yes
Check Point: System name has changed	The name of the system has changed. Acknowledge to close the problem manually.	`last(/Check Point Next Generation Firewall by SNMP/system.name,#1)<>last(/Check Point Next Generation Firewall by SNMP/system.name,#2) and length(last(/Check Point Next Generation Firewall by SNMP/system.name))>0`	Info	Manual close: Yes
Check Point: Device has been restarted	Uptime is less than 10 minutes.	`last(/Check Point Next Generation Firewall by SNMP/system.uptime)<10m`	Info	Manual close: Yes
Check Point: High CPU utilization	CPU utilization is too high. The system might be slow to respond.	`min(/Check Point Next Generation Firewall by SNMP/system.cpu.util,5m)>{$CPU.UTIL.CRIT}`	Warning
Check Point: Load average is too high	The load average per CPU is too high. The system may be slow to respond.	`min(/Check Point Next Generation Firewall by SNMP/system.cpu.load.avg1,5m)/last(/Check Point Next Generation Firewall by SNMP/system.cpu.num)>{$LOAD_AVG_PER_CPU.MAX.WARN} and last(/Check Point Next Generation Firewall by SNMP/system.cpu.load.avg5)>0 and last(/Check Point Next Generation Firewall by SNMP/system.cpu.load.avg15)>0`	Average
Check Point: High memory utilization	The system is running out of free memory.	`min(/Check Point Next Generation Firewall by SNMP/vm.memory.util,5m)>{$MEMORY.UTIL.MAX}`	Average
Check Point: Unavailable by ICMP ping	Last three attempts returned timeout. Please check device connectivity.	`max(/Check Point Next Generation Firewall by SNMP/icmpping,#3)=0`	High
Check Point: High ICMP ping loss	ICMP packet loss detected.	`min(/Check Point Next Generation Firewall by SNMP/icmppingloss,5m)>{$ICMP_LOSS_WARN} and min(/Check Point Next Generation Firewall by SNMP/icmppingloss,5m)<100`	Warning	Depends on: Check Point: Unavailable by ICMP ping
Check Point: High ICMP ping response time	Average ICMP response time is too high.	`avg(/Check Point Next Generation Firewall by SNMP/icmppingsec,5m)>{$ICMP_RESPONSE_TIME_WARN}`	Warning	Depends on: Check Point: Unavailable by ICMP ping Check Point: High ICMP ping loss
Check Point: No SNMP data collection	SNMP is not available for polling. Please check device connectivity and SNMP settings.	`max(/Check Point Next Generation Firewall by SNMP/zabbix[host,snmp,available],{$SNMP.TIMEOUT})=0`	Warning	Depends on: Check Point: Unavailable by ICMP ping

LLD rule Firewall discovery

Name Description Type Key and additional info

Firewall discovery

Name	Description	Type	Key and additional info
Firewall discovery	This discovery will create a set of firewall metrics from CHECKPOINT-MIB if the firewall is installed.	SNMP agent	fw.discovery Preprocessing JavaScript: `The text is too long. Please see the template.`

This discovery will create a set of firewall metrics from CHECKPOINT-MIB if the firewall is installed.

SNMP agent

fw.discovery

Preprocessing

JavaScript: The text is too long. Please see the template.

Item prototypes for Firewall discovery

Name	Description	Type	Key and additional info
Check Point Firewall: Firewall filter name{#SINGLETON}	MIB: CHECKPOINT-MIB Name of the firewall filter.	SNMP agent	fw.filter.name[fwFilterName.{#SNMPINDEX}] Preprocessing Discard unchanged with heartbeat: `1h`
Check Point Firewall: Firewall filter install time{#SINGLETON}	MIB: CHECKPOINT-MIB Last install time of the firewall filter.	SNMP agent	fw.filter.installed[fwFilterDate.{#SNMPINDEX}] Preprocessing JavaScript: `The text is too long. Please see the template.` Discard unchanged with heartbeat: `6h`
Check Point Firewall: Firewall version{#SINGLETON}	MIB: CHECKPOINT-MIB Current version of the firewall.	SNMP agent	fw.version[fwVersion.{#SNMPINDEX}] Preprocessing JavaScript: `The text is too long. Please see the template.` Discard unchanged with heartbeat: `1h`
Check Point Firewall: Accepted packets per second{#SINGLETON}	MIB: CHECKPOINT-MIB Number of accepted packets per second.	SNMP agent	fw.accepted[fwAccepted.{#SNMPINDEX}] Preprocessing Change per second
Check Point Firewall: Rejected packets per second{#SINGLETON}	MIB: CHECKPOINT-MIB Number of rejected packets per second.	SNMP agent	fw.rejected[fwRejected.{#SNMPINDEX}] Preprocessing Change per second
Check Point Firewall: Dropped packets per second{#SINGLETON}	MIB: CHECKPOINT-MIB Number of dropped packets per second.	SNMP agent	fw.dropped[fwDropped.{#SNMPINDEX}] Preprocessing Change per second
Check Point Firewall: Logged packets per second{#SINGLETON}	MIB: CHECKPOINT-MIB Number of logged packets per second.	SNMP agent	fw.logged[fwLogged.{#SNMPINDEX}] Preprocessing Change per second
Check Point Firewall: SIC Trust State{#SINGLETON}	MIB: CHECKPOINT-MIB Firewall SIC Trust State.	SNMP agent	fw.sic.trust.state[fwSICTrustState.{#SNMPINDEX}]
Check Point Firewall: Utilized drops number per second{#SINGLETON}	MIB: CHECKPOINT-MIB Number of dropped packets per second due to instance being fully utilized.	SNMP agent	fw.utilized.drops[fwFullyUtilizedDrops.{#SNMPINDEX}] Preprocessing Change per second
Check Point Firewall: Concurrent connections{#SINGLETON}	MIB: CHECKPOINT-MIB Number of concurrent IPv6 and IPv4 connections.	SNMP agent	fw.conn.num[fwNumConn.{#SNMPINDEX}]
Check Point Firewall: Peak concurrent connections{#SINGLETON}	MIB: CHECKPOINT-MIB Peak number of concurrent connections since last reboot.	SNMP agent	fw.conn.num.peak[fwPeakNumConn.{#SNMPINDEX}]

Trigger prototypes for Firewall discovery

Name	Description	Expression	Severity	Dependencies and additional info
Check Point Firewall: Instance is currently fully utilized	This trigger uses the number of dropped packets, an increase of which indicates that the instance is fully utilized.	`avg(/Check Point Next Generation Firewall by SNMP/fw.utilized.drops[fwFullyUtilizedDrops.{#SNMPINDEX}],5m)>{$FW.DROPPED.PACKETS.TH}`	High

LLD rule VPN discovery

Name Description Type Key and additional info

VPN discovery

Name	Description	Type	Key and additional info
VPN discovery	For discovering VPN tunnels from CHECKPOINT-MIB.	Dependent item	vpn.discovery Preprocessing SNMP walk to JSON Discard unchanged with heartbeat: `1h`

For discovering VPN tunnels from CHECKPOINT-MIB.

Dependent item

vpn.discovery

Preprocessing

SNMP walk to JSON
Discard unchanged with heartbeat: 1h

Item prototypes for VPN discovery

Name	Description	Type	Key and additional info
VPN {#VPN.NAME}: Peer IP address	MIB: CHECKPOINT-MIB VPN peer IP address.	Dependent item	vpn.tunnel.peer_ip[tunnelPeerIpAddr.{#SNMPINDEX}] Preprocessing SNMP walk value: `1.3.6.1.4.1.2620.500.9002.1.1.{#SNMPINDEX}` Discard unchanged with heartbeat: `6h`
VPN {#VPN.NAME}: Tunnel state	MIB: CHECKPOINT-MIB VPN tunnel state: 3 - active 4 - destroy 129 - idle 130 - phase1 131 - down 132 - init	Dependent item	vpn.tunnel.state[tunnelState.{#SNMPINDEX}] Preprocessing SNMP walk value: `1.3.6.1.4.1.2620.500.9002.1.3.{#SNMPINDEX}` Discard unchanged with heartbeat: `1h`
VPN {#VPN.NAME}: Community	MIB: CHECKPOINT-MIB VPN tunnel community.	Dependent item	vpn.tunnel.community[tunnelCommunity.{#SNMPINDEX}] Preprocessing SNMP walk value: `1.3.6.1.4.1.2620.500.9002.1.4.{#SNMPINDEX}` Discard unchanged with heartbeat: `6h`
VPN {#VPN.NAME}: Tunnel interface	MIB: CHECKPOINT-MIB VPN tunnel interface.	Dependent item	vpn.tunnel.netif[tunnelInterface.{#SNMPINDEX}] Preprocessing SNMP walk value: `1.3.6.1.4.1.2620.500.9002.1.6.{#SNMPINDEX}` Discard unchanged with heartbeat: `6h`
VPN {#VPN.NAME}: Source IP	MIB: CHECKPOINT-MIB Source IP address.	Dependent item	vpn.tunnel.src_ip[tunnelSourceIpAddr.{#SNMPINDEX}] Preprocessing SNMP walk value: `1.3.6.1.4.1.2620.500.9002.1.7.{#SNMPINDEX}` Discard unchanged with heartbeat: `6h`
VPN {#VPN.NAME}: Link priority	MIB: CHECKPOINT-MIB Link priority.	Dependent item	vpn.tunnel.priority[tunnelLinkPriority.{#SNMPINDEX}] Preprocessing SNMP walk value: `1.3.6.1.4.1.2620.500.9002.1.8.{#SNMPINDEX}` Discard unchanged with heartbeat: `1h`
VPN {#VPN.NAME}: Probing state	MIB: CHECKPOINT-MIB VPN tunnel probing state: 0 - unknown 1 - alive 2 - dead	Dependent item	vpn.tunnel.prob_state[tunnelProbState.{#SNMPINDEX}] Preprocessing SNMP walk value: `1.3.6.1.4.1.2620.500.9002.1.9.{#SNMPINDEX}`
VPN {#VPN.NAME}: Peer type	MIB: CHECKPOINT-MIB VPN peer type.	Dependent item	vpn.tunnel.peer_type[tunnelPeerType.{#SNMPINDEX}] Preprocessing SNMP walk value: `1.3.6.1.4.1.2620.500.9002.1.10.{#SNMPINDEX}` Discard unchanged with heartbeat: `1h`
VPN {#VPN.NAME}: Tunnel type	MIB: CHECKPOINT-MIB VPN tunnel type.	Dependent item	vpn.tunnel.type[tunnelType.{#SNMPINDEX}] Preprocessing SNMP walk value: `1.3.6.1.4.1.2620.500.9002.1.11.{#SNMPINDEX}` Discard unchanged with heartbeat: `1h`

Trigger prototypes for VPN discovery

Name	Description	Expression	Severity	Dependencies and additional info
Check Point: VPN {#VPN.NAME}: Tunnel down	This trigger expression works as follows: 1. It can be triggered if the current tunnel state is down. 2. `{$VPN.STATE.CONTROL:"{#VPN.NAME}"}=1` - a user can redefine the context macro to "0", marking this notification as not important. No new trigger will be fired if this tunnel is down.	`{$VPN.STATE.CONTROL:"{#VPN.NAME}"}=1 and last(/Check Point Next Generation Firewall by SNMP/vpn.tunnel.state[tunnelState.{#SNMPINDEX}])=131`	Average	Manual close: Yes

LLD rule CPU discovery

Name Description Type Key and additional info

CPU discovery

Name	Description	Type	Key and additional info
CPU discovery	For discovering CPU from CHECKPOINT-MIB.	Dependent item	cpu.discovery Preprocessing SNMP walk to JSON Discard unchanged with heartbeat: `1h`

For discovering CPU from CHECKPOINT-MIB.

Dependent item

cpu.discovery

Preprocessing

SNMP walk to JSON
Discard unchanged with heartbeat: 1h

Item prototypes for CPU discovery

Name	Description	Type	Key and additional info
CPU Core {#CPU.ID}: CPU user time	MIB: CHECKPOINT-MIB The time the CPU `{#CPU.ID}` has spent running user processes that are not niced.	Dependent item	system.core.user[multiProcUserTime.{#CPU.ID}] Preprocessing SNMP walk value: `1.3.6.1.4.1.2620.1.6.7.5.1.4.{#SNMPINDEX}`
CPU Core {#CPU.ID}: CPU system time	MIB: CHECKPOINT-MIB The time the CPU `{#CPU.ID}` has spent running the kernel and its processes.	Dependent item	system.core.system[multiProcSystemTime.{#CPU.ID}] Preprocessing SNMP walk value: `1.3.6.1.4.1.2620.1.6.7.5.1.3.{#SNMPINDEX}`
CPU Core {#CPU.ID}: CPU idle time	MIB: CHECKPOINT-MIB The time the CPU `{#CPU.ID}` has spent doing nothing.	Dependent item	system.core.idle[multiProcIdleTime.{#CPU.ID}] Preprocessing SNMP walk value: `1.3.6.1.4.1.2620.1.6.7.5.1.2.{#SNMPINDEX}`
CPU Core {#CPU.ID}: CPU utilization	MIB: CHECKPOINT-MIB CPU `{#CPU.ID}` utilization in %.	Dependent item	system.core.util[multiProcUsage.{#CPU.ID}] Preprocessing SNMP walk value: `1.3.6.1.4.1.2620.1.6.7.5.1.5.{#SNMPINDEX}`

LLD rule Storage discovery

Name Description Type Key and additional info

Storage discovery

Name	Description	Type	Key and additional info
Storage discovery	For discovering storage disks from CHECKPOINT-MIB.	Dependent item	vfs.fs.discovery Preprocessing SNMP walk to JSON Discard unchanged with heartbeat: `1h`

For discovering storage disks from CHECKPOINT-MIB.

Dependent item

vfs.fs.discovery

Preprocessing

SNMP walk to JSON
Discard unchanged with heartbeat: 1h

Item prototypes for Storage discovery

Name	Description	Type	Key and additional info
{#DISK.NAME}: Total disk space	MIB: CHECKPOINT-MIB Total disk size in bytes.	Dependent item	vfs.fs.total[multiDiskSize.{#SNMPINDEX}] Preprocessing SNMP walk value: `1.3.6.1.4.1.2620.1.6.7.6.1.3.{#SNMPINDEX}` Discard unchanged with heartbeat: `6h`
{#DISK.NAME}: Used disk space	MIB: CHECKPOINT-MIB Amount of disk used in bytes.	Dependent item	vfs.fs.used[multiDiskUsed.{#SNMPINDEX}] Preprocessing SNMP walk value: `1.3.6.1.4.1.2620.1.6.7.6.1.4.{#SNMPINDEX}`
{#DISK.NAME}: Free disk space	MIB: CHECKPOINT-MIB Free disk capacity in bytes.	Dependent item	vfs.fs.free[multiDiskFreeTotalBytes.{#SNMPINDEX}] Preprocessing SNMP walk value: `1.3.6.1.4.1.2620.1.6.7.6.1.5.{#SNMPINDEX}`
{#DISK.NAME}: Available disk space	MIB: CHECKPOINT-MIB Available free disk (not reserved by the OS) in bytes.	Dependent item	vfs.fs.avail[multiDiskFreeAvailableBytes.{#SNMPINDEX}] Preprocessing SNMP walk value: `1.3.6.1.4.1.2620.1.6.7.6.1.7.{#SNMPINDEX}`
{#DISK.NAME}: Disk space utilization	Space utilization calculated by the free percentage metric `multiDiskFreeTotalPercent`, expressed in %	Dependent item	vfs.fs.pused[multiDiskUsagePercent.{#SNMPINDEX}] Preprocessing SNMP walk value: `1.3.6.1.4.1.2620.1.6.7.6.1.6.{#SNMPINDEX}` JavaScript: `return 100 - Number(value);`

Trigger prototypes for Storage discovery

Name	Description	Expression	Severity	Dependencies and additional info
Check Point: {#DISK.NAME}: Disk space is critically low	Two conditions should match: 1. The first condition - utilization of the space should be above `{$DISK.PUSED.MAX.CRIT:"{#DISK.NAME}"}`. 2. The second condition should be one of the following: - the disk free space is less than `{$DISK.FREE.MIN.CRIT:"{#DISK.NAME}"}`; - the disk will be full in less than 24 hours.	`last(/Check Point Next Generation Firewall by SNMP/vfs.fs.pused[multiDiskUsagePercent.{#SNMPINDEX}])>{$DISK.PUSED.MAX.CRIT:"{#DISK.NAME}"} and (last(/Check Point Next Generation Firewall by SNMP/vfs.fs.total[multiDiskSize.{#SNMPINDEX}])-last(/Check Point Next Generation Firewall by SNMP/vfs.fs.used[multiDiskUsed.{#SNMPINDEX}]))<{$DISK.FREE.MIN.CRIT:"{#DISK.NAME}"}`	Average	Manual close: Yes
Check Point: {#DISK.NAME}: Disk space is low	Two conditions should match: 1. The first condition - utilization of the space should be above `{$DISK.PUSED.MAX.WARN:"{#DISK.NAME}"}`. 2. The second condition should be one of the following: - the disk free space is less than `{$DISK.FREE.MIN.WARN:"{#DISK.NAME}"}`; - the disk will be full in less than 24 hours.	`last(/Check Point Next Generation Firewall by SNMP/vfs.fs.pused[multiDiskUsagePercent.{#SNMPINDEX}])>{$DISK.PUSED.MAX.WARN:"{#DISK.NAME}"} and (last(/Check Point Next Generation Firewall by SNMP/vfs.fs.total[multiDiskSize.{#SNMPINDEX}])-last(/Check Point Next Generation Firewall by SNMP/vfs.fs.used[multiDiskUsed.{#SNMPINDEX}]))<{$DISK.FREE.MIN.WARN:"{#DISK.NAME}"}`	Warning	Manual close: Yes Depends on: Check Point: {#DISK.NAME}: Disk space is critically low

LLD rule Network interfaces discovery

Name Description Type Key and additional info

Network interfaces discovery

Name	Description	Type	Key and additional info
Network interfaces discovery	For discovering interfaces from IF-MIB.	Dependent item	net.if.discovery Preprocessing SNMP walk to JSON Discard unchanged with heartbeat: `1h`

For discovering interfaces from IF-MIB.

Dependent item

net.if.discovery

Preprocessing

SNMP walk to JSON
Discard unchanged with heartbeat: 1h

Item prototypes for Network interfaces discovery

Name	Description	Type	Key and additional info
Interface {#IFNAME}({#IFALIAS}): Operational status	MIB: IF-MIB The current operational state of the interface. - The `testing(3)` state indicates that no operational packets can be passed. - If `ifAdminStatus` is `down(2)`, then `ifOperStatus` should be `down(2)`. - If `ifAdminStatus` is changed to `up(1)`, then `ifOperStatus` should change to `up(1)` if the interface is ready to transmit and receive network traffic. - It should change to `dormant(5)` if the interface is waiting for external actions (such as a serial line waiting for an incoming connection). - It should remain in the `down(2)` state if and only if there is a fault that prevents it from going to the `up(1)` state. - It should remain in the `notPresent(6)` state if the interface has missing (typically, hardware) components.	Dependent item	net.if.status[ifOperStatus.{#SNMPINDEX}] Preprocessing SNMP walk value: `1.3.6.1.2.1.2.2.1.8.{#SNMPINDEX}`
Interface {#IFNAME}({#IFALIAS}): Bits received	MIB: IF-MIB The total number of octets received on the interface, including framing characters. This object is a 64-bit version of `ifInOctets`. Discontinuities in the value of this counter can occur at re-initialization of the management system and at other times as indicated by the value of `ifCounterDiscontinuityTime`.	Dependent item	net.if.in[ifInOctets.{#SNMPINDEX}] Preprocessing SNMP walk value: `1.3.6.1.2.1.31.1.1.1.6.{#SNMPINDEX}` Change per second Custom multiplier: `8`
Interface {#IFNAME}({#IFALIAS}): Bits sent	MIB: IF-MIB The total number of octets transmitted out of the interface, including framing characters. This object is a 64-bit version of `ifOutOctets`. Discontinuities in the value of this counter can occur at re-initialization of the management system and at other times as indicated by the value of `ifCounterDiscontinuityTime`.	Dependent item	net.if.out[ifOutOctets.{#SNMPINDEX}] Preprocessing SNMP walk value: `1.3.6.1.2.1.31.1.1.1.10.{#SNMPINDEX}` Change per second Custom multiplier: `8`
Interface {#IFNAME}({#IFALIAS}): Inbound packets with errors	MIB: IF-MIB For packet-oriented interfaces - the number of inbound packets that contained errors preventing them from being deliverable to a higher-layer protocol. For character-oriented or fixed-length interfaces - the number of inbound transmission units that contained errors preventing them from being deliverable to a higher-layer protocol. Discontinuities in the value of this counter can occur at re-initialization of the management system and at other times as indicated by the value of `ifCounterDiscontinuityTime`.	Dependent item	net.if.in.errors[ifInErrors.{#SNMPINDEX}] Preprocessing SNMP walk value: `1.3.6.1.2.1.2.2.1.14.{#SNMPINDEX}` Change per second
Interface {#IFNAME}({#IFALIAS}): Outbound packets with errors	MIB: IF-MIB For packet-oriented interfaces - the number of outbound packets that contained errors preventing them from being deliverable to a higher-layer protocol. For character-oriented or fixed-length interfaces - the number of outbound transmission units that contained errors preventing them from being deliverable to a higher-layer protocol. Discontinuities in the value of this counter can occur at re-initialization of the management system and at other times as indicated by the value of `ifCounterDiscontinuityTime`.	Dependent item	net.if.out.errors[ifOutErrors.{#SNMPINDEX}] Preprocessing SNMP walk value: `1.3.6.1.2.1.2.2.1.20.{#SNMPINDEX}` Change per second
Interface {#IFNAME}({#IFALIAS}): Outbound packets discarded	MIB: IF-MIB The number of outbound packets which were chosen to be discarded even though no errors had been detected to prevent their being deliverable to a higher-layer protocol. One possible reason for discarding such a packet could be to free up buffer space. Discontinuities in the value of this counter can occur at re-initialization of the management system, and at other times as indicated by the value of `ifCounterDiscontinuityTime`.	Dependent item	net.if.out.discards[ifOutDiscards.{#SNMPINDEX}] Preprocessing SNMP walk value: `1.3.6.1.2.1.2.2.1.19.{#SNMPINDEX}` Change per second
Interface {#IFNAME}({#IFALIAS}): Inbound packets discarded	MIB: IF-MIB The number of inbound packets which were chosen to be discarded even though no errors had been detected to prevent their being deliverable to a higher-layer protocol. One possible reason for discarding such a packet could be to free up buffer space. Discontinuities in the value of this counter can occur at re-initialization of the management system, and at other times as indicated by the value of `ifCounterDiscontinuityTime`.	Dependent item	net.if.in.discards[ifInDiscards.{#SNMPINDEX}] Preprocessing SNMP walk value: `1.3.6.1.2.1.2.2.1.13.{#SNMPINDEX}` Change per second
Interface {#IFNAME}({#IFALIAS}): Interface type	MIB: IF-MIB The type of interface. Additional values for `ifType` are assigned by the Internet Assigned Numbers Authority (IANA) through updating the syntax of the IANAifType textual convention.	Dependent item	net.if.type[ifType.{#SNMPINDEX}] Preprocessing SNMP walk value: `1.3.6.1.2.1.2.2.1.3.{#SNMPINDEX}` Discard unchanged with heartbeat: `1d`
Interface {#IFNAME}({#IFALIAS}): Speed	MIB: IF-MIB An estimate of the interface's current bandwidth in units of 1,000,000 bits per second. If this object reports a value of `n`, then the speed of the interface is somewhere in the range of `n-500,000` to `n+499,999`. For interfaces that do not vary in bandwidth or for those where no accurate estimation can be made, this object should contain the nominal bandwidth. For a sub-layer which has no concept of bandwidth, this object should be zero.	Dependent item	net.if.speed[ifSpeed.{#SNMPINDEX}] Preprocessing SNMP walk value: `1.3.6.1.2.1.31.1.1.1.15.{#SNMPINDEX}` Custom multiplier: `1000000` Discard unchanged with heartbeat: `1h`

Trigger prototypes for Network interfaces discovery

Name	Description	Expression	Severity	Dependencies and additional info
Check Point: Interface {#IFNAME}({#IFALIAS}): Link down	This trigger expression works as follows: 1. It can be triggered if the interface link status is down. 2. `{$NET.IF.CONTROL:"{#IFNAME}"}=1` - a user can redefine the context macro to "0", marking this interface as not important. No new trigger will be fired if this interface link is down. 3. `{TEMPLATE_NAME:METRIC.diff()}=1` - the trigger fires only if the interface link status was up to "1" sometime before. WARNING: If closed manually, it will not fire again on the next poll because of `diff`.	`{$NET.IF.CONTROL:"{#IFNAME}"}=1 and last(/Check Point Next Generation Firewall by SNMP/net.if.status[ifOperStatus.{#SNMPINDEX}])=2 and (last(/Check Point Next Generation Firewall by SNMP/net.if.status[ifOperStatus.{#SNMPINDEX}],#1)<>last(/Check Point Next Generation Firewall by SNMP/net.if.status[ifOperStatus.{#SNMPINDEX}],#2))`	Average	Manual close: Yes
Check Point: Interface {#IFNAME}({#IFALIAS}): High bandwidth usage	The utilization of the network interface is close to its estimated maximum bandwidth.	(avg(/Check Point Next Generation Firewall by SNMP/net.if.in[ifInOctets.{#SNMPINDEX}],15m)>({$NET.IF.UTIL.MAX:"{#IFNAME}"}/100)last(/Check Point Next Generation Firewall by SNMP/net.if.speed[ifSpeed.{#SNMPINDEX}]) or avg(/Check Point Next Generation Firewall by SNMP/net.if.out[ifOutOctets.{#SNMPINDEX}],15m)>({$NET.IF.UTIL.MAX:"{#IFNAME}"}/100)last(/Check Point Next Generation Firewall by SNMP/net.if.speed[ifSpeed.{#SNMPINDEX}])) and last(/Check Point Next Generation Firewall by SNMP/net.if.speed[ifSpeed.{#SNMPINDEX}])>0	Warning	Manual close: Yes Depends on: Check Point: Interface {#IFNAME}({#IFALIAS}): Link down
Check Point: Interface {#IFNAME}({#IFALIAS}): High error rate	It recovers when it is below 80% of the `{$NET.IF.ERRORS.WARN:"{#IFNAME}"}` threshold.	`min(/Check Point Next Generation Firewall by SNMP/net.if.in.errors[ifInErrors.{#SNMPINDEX}],5m)>{$NET.IF.ERRORS.WARN:"{#IFNAME}"} or min(/Check Point Next Generation Firewall by SNMP/net.if.out.errors[ifOutErrors.{#SNMPINDEX}],5m)>{$NET.IF.ERRORS.WARN:"{#IFNAME}"}`	Warning	Manual close: Yes Depends on: Check Point: Interface {#IFNAME}({#IFALIAS}): Link down
Check Point: Interface {#IFNAME}({#IFALIAS}): Ethernet has changed to lower speed than it was before	This Ethernet connection has transitioned down from its known maximum speed. This might be a sign of autonegotiation issues. Acknowledge to close the problem manually.	change(/Check Point Next Generation Firewall by SNMP/net.if.speed[ifSpeed.{#SNMPINDEX}])<0 and last(/Check Point Next Generation Firewall by SNMP/net.if.speed[ifSpeed.{#SNMPINDEX}])>0 and ( last(/Check Point Next Generation Firewall by SNMP/net.if.type[ifType.{#SNMPINDEX}])=6 or last(/Check Point Next Generation Firewall by SNMP/net.if.type[ifType.{#SNMPINDEX}])=7 or last(/Check Point Next Generation Firewall by SNMP/net.if.type[ifType.{#SNMPINDEX}])=11 or last(/Check Point Next Generation Firewall by SNMP/net.if.type[ifType.{#SNMPINDEX}])=62 or last(/Check Point Next Generation Firewall by SNMP/net.if.type[ifType.{#SNMPINDEX}])=69 or last(/Check Point Next Generation Firewall by SNMP/net.if.type[ifType.{#SNMPINDEX}])=117 ) and (last(/Check Point Next Generation Firewall by SNMP/net.if.status[ifOperStatus.{#SNMPINDEX}])<>2)	Info	Manual close: Yes Depends on: Check Point: Interface {#IFNAME}({#IFALIAS}): Link down

LLD rule Temperature discovery

Name Description Type Key and additional info

Temperature discovery

Name	Description	Type	Key and additional info
Temperature discovery	For discovering temperature sensors from CHECKPOINT-MIB.	Dependent item	temperature.discovery Preprocessing SNMP walk to JSON Discard unchanged with heartbeat: `1h`

For discovering temperature sensors from CHECKPOINT-MIB.

Dependent item

temperature.discovery

Preprocessing

SNMP walk to JSON
Discard unchanged with heartbeat: 1h

Item prototypes for Temperature discovery

Name Description Type Key and additional info

{#SENSOR.NAME}: Temperature

Name	Description	Type	Key and additional info
{#SENSOR.NAME}: Temperature	MIB: CHECKPOINT-MIB Current temperature reading in degrees Celsius from the hardware component's temperature sensor.	Dependent item	sensor.temp.value[tempertureSensorValue.{#SNMPINDEX}] Preprocessing SNMP walk value: `1.3.6.1.4.1.2620.1.6.7.8.1.1.3.{#SNMPINDEX}`

MIB: CHECKPOINT-MIB

Current temperature reading in degrees Celsius from the hardware component's temperature sensor.

Dependent item

sensor.temp.value[tempertureSensorValue.{#SNMPINDEX}]

Preprocessing

SNMP walk value: 1.3.6.1.4.1.2620.1.6.7.8.1.1.3.{#SNMPINDEX}

Trigger prototypes for Temperature discovery

Name	Description	Expression	Severity	Dependencies and additional info
Check Point: {#SENSOR.NAME}: Temperature is above critical threshold	This trigger uses temperature sensor values.	`avg(/Check Point Next Generation Firewall by SNMP/sensor.temp.value[tempertureSensorValue.{#SNMPINDEX}],5m)>{$TEMP.VALUE.CRIT:"{#SENSOR.NAME}"}`	High
Check Point: {#SENSOR.NAME}: Temperature is above warning threshold	This trigger uses temperature sensor values.	`avg(/Check Point Next Generation Firewall by SNMP/sensor.temp.value[tempertureSensorValue.{#SNMPINDEX}],5m)>{$TEMP.VALUE.WARN:"{#SENSOR.NAME}"}`	Warning	Depends on: Check Point: {#SENSOR.NAME}: Temperature is above critical threshold
Check Point: {#SENSOR.NAME}: Temperature is too low	This trigger uses temperature sensor values.	`avg(/Check Point Next Generation Firewall by SNMP/sensor.temp.value[tempertureSensorValue.{#SNMPINDEX}],5m)<{$TEMP.VALUE.LOW:"{#SENSOR.NAME}"}`	Average

LLD rule FAN discovery

Name Description Type Key and additional info

FAN discovery

For discovering fan sensors from CHECKPOINT-MIB.

Dependent item

fan.discovery

Preprocessing

SNMP walk to JSON
Discard unchanged with heartbeat: 1h

Item prototypes for FAN discovery

Name Description Type Key and additional info

FAN {#SNMPINDEX}: Fan status

MIB: CHECKPOINT-MIB

Current status of the fan tray.

Dependent item

sensor.fan.status[fanSpeedSensorStatus.{#SNMPINDEX}]

Preprocessing

SNMP walk value: 1.3.6.1.4.1.2620.1.6.7.8.2.1.6.{#SNMPINDEX}

FAN {#SNMPINDEX}: Fan speed

MIB: CHECKPOINT-MIB

Current speed of the fan.

Dependent item

sensor.fan.speed[fanSpeedSensorValue.{#SNMPINDEX}]

Preprocessing

SNMP walk value: 1.3.6.1.4.1.2620.1.6.7.8.2.1.3.{#SNMPINDEX}

Trigger prototypes for FAN discovery

Name	Description	Expression	Severity	Dependencies and additional info
Check Point: FAN {#SNMPINDEX}: Fan speed is out of range	Please check the fan unit.	`count(/Check Point Next Generation Firewall by SNMP/sensor.fan.status[fanSpeedSensorStatus.{#SNMPINDEX}],#3,"eq",1)=3`	Average

LLD rule Voltage discovery

Name Description Type Key and additional info

Voltage discovery

For discovering voltage sensors from CHECKPOINT-MIB.

Dependent item

voltage.discovery

Preprocessing

SNMP walk to JSON
Discard unchanged with heartbeat: 1h

Item prototypes for Voltage discovery

Name Description Type Key and additional info

{#SENSOR.NAME}: Voltage value

MIB: CHECKPOINT-MIB

Most recent measurement obtained by the agent for this sensor.

Dependent item

sensor.volt.value[voltageSensorValue.{#SNMPINDEX}]

Preprocessing

SNMP walk value: 1.3.6.1.4.1.2620.1.6.7.8.3.1.3.{#SNMPINDEX}

LLD rule PSU discovery

Name Description Type Key and additional info

PSU discovery

For discovering power supply sensors from CHECKPOINT-MIB.

Dependent item

psu.discovery

Preprocessing

SNMP walk to JSON
Discard unchanged with heartbeat: 1h

Item prototypes for PSU discovery

Name Description Type Key and additional info

PSU {#SNMPINDEX}: Power supply status

MIB: CHECKPOINT-MIB

Power supply status.

Dependent item

sensor.psu.status[powerSupplyStatus.{#SNMPINDEX}]

Preprocessing

SNMP walk value: 1.3.6.1.4.1.2620.1.6.7.9.1.1.2.{#SNMPINDEX}
JavaScript: The text is too long. Please see the template.
Discard unchanged with heartbeat: 1h

Trigger prototypes for PSU discovery

Name	Description	Expression	Severity	Dependencies and additional info
Check Point: PSU {#SNMPINDEX}: Power supply is in down state	Please check the power supply unit for errors.	`count(/Check Point Next Generation Firewall by SNMP/sensor.psu.status[powerSupplyStatus.{#SNMPINDEX}],#3,"eq",1)=3`	Average

LLD rule Software blades discovery

Name Description Type Key and additional info

Software blades discovery

For discovering software blades and features from CHECKPOINT-MIB.

Dependent item

svn.sw.discovery

Preprocessing

SNMP walk to JSON
Discard unchanged with heartbeat: 1h

Item prototypes for Software blades discovery

Name	Description	Type	Key and additional info
{#SW.NAME}: License state	MIB: CHECKPOINT-MIB Current license state of the software blade.	Dependent item	svn.sw.license.state[licensingState.{#SNMPINDEX}] Preprocessing SNMP walk value: `1.3.6.1.4.1.2620.1.6.18.1.1.5.{#SNMPINDEX}` Discard unchanged with heartbeat: `6h`
{#SW.NAME}: License expiration date	MIB: CHECKPOINT-MIB Expiration date for the license of the software blade. Doesn't return a value if the license doesn't have an expiration date.	Dependent item	svn.sw.license.exp_date[licensingExpirationDate.{#SNMPINDEX}] Preprocessing SNMP walk value: `1.3.6.1.4.1.2620.1.6.18.1.1.6.{#SNMPINDEX}` Does not match regular expression: `^0$` ??Custom on fail: Discard value Discard unchanged with heartbeat: `6h`
{#SW.NAME}: Software blade status	MIB: CHECKPOINT-MIB Current software blade status.	Dependent item	svn.sw.status[licensingBladeActive.{#SNMPINDEX}] Preprocessing SNMP walk value: `1.3.6.1.4.1.2620.1.6.18.1.1.8.{#SNMPINDEX}` Discard unchanged with heartbeat: `1h`
{#SW.NAME}: License total quota	MIB: CHECKPOINT-MIB Total quota amount for the license of the software blade.	Dependent item	svn.sw.license.quota.total[licensingTotalQuota.{#SNMPINDEX}] Preprocessing SNMP walk value: `1.3.6.1.4.1.2620.1.6.18.1.1.9.{#SNMPINDEX}` Discard unchanged with heartbeat: `6h`
{#SW.NAME}: License used quota	MIB: CHECKPOINT-MIB Used quota amount for the license of the software blade.	Dependent item	svn.sw.license.quota.used[licensingUsedQuota.{#SNMPINDEX}] Preprocessing SNMP walk value: `1.3.6.1.4.1.2620.1.6.18.1.1.10.{#SNMPINDEX}` Discard unchanged with heartbeat: `1h`

Trigger prototypes for Software blades discovery

Name	Description	Expression	Severity	Dependencies and additional info
Check Point: {#SW.NAME}: License expires soon	This trigger expression works as follows: 1. It can be triggered if the license expires soon. 2. `{$LICENSE.CONTROL:"{#SW.NAME}"}=1` - a user can redefine the context macro to "0", marking the current license as not important. No new trigger will be fired if this license expires.	`{$LICENSE.CONTROL:"{#SW.NAME}"}=1 and (last(/Check Point Next Generation Firewall by SNMP/svn.sw.license.exp_date[licensingExpirationDate.{#SNMPINDEX}]) - now()) / 86400 < {$LICENSE.EXPIRY.WARN:"{#SW.NAME}"} and last(/Check Point Next Generation Firewall by SNMP/svn.sw.license.exp_date[licensingExpirationDate.{#SNMPINDEX}]) > now()`	Warning	Manual close: Yes
Check Point: {#SW.NAME}: License has been expired	This trigger expression works as follows: 1. It can be triggered if the license has been expired. 2. `{$LICENSE.CONTROL:"{#SW.NAME}"}=1` - a user can redefine the context macro to "0", marking the current license as not important. No new trigger will be fired if this license is expired.	`{$LICENSE.CONTROL:"{#SW.NAME}"}=1 and last(/Check Point Next Generation Firewall by SNMP/svn.sw.license.exp_date[licensingExpirationDate.{#SNMPINDEX}]) < now()`	Average	Manual close: Yes

Feedback

Please report any issues with the template at

You can also provide feedback, discuss the template, or ask for help at ZABBIX forums

This template is for 龙虎赌博 version: 6.4

Also available for: 7.2 7.0 6.0

Source:

Check Point Next Generation Firewall by SNMP

Overview

This template is designed for the effortless deployment of Check Point Next Generation Firewall monitoring by 龙虎赌博 via SNMP and doesn't require any external scripts.

Requirements

龙虎赌博 version: 6.4 and higher.

Tested versions

This template has been tested on:

Check Point 4800 Appliance Next Generation Firewall

Configuration

龙虎赌博 should be configured according to the instructions in the Templates out of the box section.

Setup

Refer to vendor .

Macros used

Name	Description	Default
{$CPU.UTIL.CRIT}	Threshold of CPU utilization for the Warning trigger in %.	`90`
{$LOAD_AVG_PER_CPU.MAX.WARN}	Load per CPU considered sustainable. Change if needed.	`1.5`
{$ICMP_LOSS_WARN}	Threshold of ICMP packet loss for the Warning trigger in %.	`20`
{$ICMP_RESPONSE_TIME_WARN}	Threshold of average ICMP response time for the Warning trigger in seconds.	`0.15`
{$SNMP.TIMEOUT}	Time interval for the SNMP availability trigger.	`5m`
{$MEMORY.UTIL.MAX}	Warning threshold for the item "Physical memory: Memory utilization".	`90`
{$FW.DROPPED.PACKETS.TH}	Used in Firewall discovery.	`0`
{$DISK.FREE.MIN.CRIT}	Critical threshold of disk space usage.	`5G`
{$DISK.FREE.MIN.WARN}	Warning threshold of disk space usage.	`10G`
{$DISK.PUSED.MAX.WARN}	Disk utilization threshold for Warning trigger in %.	`80`
{$DISK.PUSED.MAX.CRIT}	Disk utilization threshold for Critical trigger in %.	`90`
{$DISK.NAME.MATCHES}	Used in Storage discovery. Can be overridden on the host or linked template level.	`.+`
{$DISK.NAME.NOT_MATCHES}	Used in Storage discovery. Can be overridden on the host or linked template level.	`^(/dev\|/sys\|/run\|/proc\|.+/shm$)`
{$VPN.NAME.MATCHES}	Used in VPN discovery. Can be overridden on the host or linked template level.	`.*`
{$VPN.NAME.NOT_MATCHES}	Used in VPN discovery. Can be overridden on the host or linked template level.	`CHANGE_IF_NEEDED`
{$VPN.STATE.CONTROL}	Used in the "Tunnel down" trigger. Can be used with the interface name as context.	`1`
{$NET.IF.ERRORS.WARN}	Threshold of error packet rate for the Warning trigger. Can be used with the interface name as context.	`2`
{$NET.IF.UTIL.MAX}	Threshold of interface bandwidth utilization for the Warning trigger in %. Can be used with interface name as context.	`95`
{$NET.IF.CONTROL}	Macro for the interface operational state for the "Link down" trigger. Can be used with the interface name as context.	`1`
{$NET.IF.IFADMINSTATUS.MATCHES}	Used in Network interfaces discovery. Can be overridden on the host or linked template level.	`.*`
{$NET.IF.IFADMINSTATUS.NOT_MATCHES}	Used in Network interfaces discovery. Can be overridden on the host or linked template level.	`^2$`
{$NET.IF.IFDESCR.MATCHES}	Used in Network interfaces discovery. Can be overridden on the host or linked template level.	`.*`
{$NET.IF.IFDESCR.NOT_MATCHES}	Used in Network interfaces discovery. Can be overridden on the host or linked template level.	`CHANGE_IF_NEEDED`
{$NET.IF.IFNAME.MATCHES}	Used in Network interfaces discovery. Can be overridden on the host or linked template level.	`.*`
{$NET.IF.IFNAME.NOT_MATCHES}	Used in Network interfaces discovery. Can be overridden on the host or linked template level.	`CHANGE_IF_NEEDED`
{$NET.IF.IFOPERSTATUS.MATCHES}	Used in Network interfaces discovery. Can be overridden on the host or linked template level.	`.*`
{$NET.IF.IFOPERSTATUS.NOT_MATCHES}	Used in Network interfaces discovery. Can be overridden on the host or linked template level.	`^6$`
{$NET.IF.IFTYPE.MATCHES}	Used in Network interfaces discovery. Can be overridden on the host or linked template level.	`.*`
{$NET.IF.IFTYPE.NOT_MATCHES}	Used in Network interfaces discovery. Can be overridden on the host or linked template level.	`CHANGE_IF_NEEDED`
{$NET.IF.IFALIAS.MATCHES}	Used in Network interfaces discovery. Can be overridden on the host or linked template level.	`.*`
{$NET.IF.IFALIAS.NOT_MATCHES}	Used in Network interfaces discovery. Can be overridden on the host or linked template level.	`CHANGE_IF_NEEDED`
{$TEMP.NAME.MATCHES}	Used in Temperature discovery. Can be overridden on the host or linked template level.	`.*`
{$TEMP.NAME.NOT_MATCHES}	Used in Temperature discovery. Can be overridden on the host or linked template level.	`CHANGE_IF_NEEDED`
{$TEMP.VALUE.LOW}	Used in Temperature discovery. Can be overridden on the host or linked template level.	`5`
{$TEMP.VALUE.CRIT}	Used in Temperature discovery. Can be overridden on the host or linked template level.	`75`
{$TEMP.VALUE.WARN}	Used in Temperature discovery. Can be overridden on the host or linked template level.	`65`
{$VOLT.NAME.MATCHES}	Used in Voltage discovery. Can be overridden on the host or linked template level.	`.*`
{$VOLT.NAME.NOT_MATCHES}	Used in Voltage discovery. Can be overridden on the host or linked template level.	`CHANGE_IF_NEEDED`
{$SW.NAME.MATCHES}	Used in Software blade discovery. Can be overridden on the host or linked template level.	`.*`
{$SW.NAME.NOT_MATCHES}	Used in Software blade discovery. Can be overridden on the host or linked template level.	`CHANGE_IF_NEEDED`
{$LICENSE.EXPIRY.WARN}	Number of days until the license expires.	`7`
{$LICENSE.CONTROL}	Used in Software blade discovery. Can be overridden on the host or linked template level.	`1`

Items

Name	Description	Type	Key and additional info
Check Point: Appliance product name	MIB: CHECKPOINT-MIB Appliance product name.	SNMP agent	system.hw.model Preprocessing Discard unchanged with heartbeat: `1d`
Check Point: Appliance serial number	MIB: CHECKPOINT-MIB Appliance serial number.	SNMP agent	system.hw.serialnumber Preprocessing Discard unchanged with heartbeat: `1d`
Check Point: Appliance manufacturer	MIB: CHECKPOINT-MIB Appliance manufacturer.	SNMP agent	system.hw.manufacturer Preprocessing Discard unchanged with heartbeat: `1d`
Check Point: Remote Access users	MIB: CHECKPOINT-MIB Number of remote access users.	SNMP agent	remote.users.number Preprocessing JSON Path: `$.length()`
Check Point: System contact details	MIB: SNMPv2-MIB Name and contact information of the contact person for the node. If not provided, the value is a zero-length string.	SNMP agent	system.contact Preprocessing Discard unchanged with heartbeat: `12h`
Check Point: System description	MIB: SNMPv2-MIB Full name and version identification of the system's hardware type, software operating system, and networking software.	SNMP agent	system.descr Preprocessing Discard unchanged with heartbeat: `12h`
Check Point: System location	MIB: SNMPv2-MIB Physical location of the node (e.g., `equipment room`, `3rd floor`). If not provided, the value is a zero-length string.	SNMP agent	system.location Preprocessing Discard unchanged with heartbeat: `12h`
Check Point: System name	MIB: SNMPv2-MIB An administratively-assigned name for the node (the node's fully-qualified domain name). If not provided, the value is a zero-length string.	SNMP agent	system.name Preprocessing Discard unchanged with heartbeat: `12h`
Check Point: System object ID	MIB: SNMPv2-MIB The vendor's authoritative identification of the entity as part of the vendor's SMI enterprises subtree with the prefix 1.3.6.1.4.1 (e.g., a vendor with the identifier 1.3.6.1.4.1.4242 might assign a system object with the OID 1.3.6.1.4.1.4242.1.1).	SNMP agent	system.objectid Preprocessing Discard unchanged with heartbeat: `12h`
Check Point: System uptime	MIB: HOST-RESOURCES-V2-MIB Time since the network management portion of the system was last re-initialized.	SNMP agent	system.uptime Preprocessing Custom multiplier: `0.01`
Check Point: Number of CPUs	MIB: CHECKPOINT-MIB Number of processors.	SNMP agent	system.cpu.num Preprocessing Discard unchanged with heartbeat: `1h`
Check Point: CPU utilization	MIB: CHECKPOINT-MIB CPU utilization per core in %.	SNMP agent	system.cpu.util
Check Point: Load average (1m avg)	MIB: UCD-SNMP-MIB Average number of processes being executed or waiting over the last minute.	SNMP agent	system.cpu.load.avg1
Check Point: Load average (5m avg)	MIB: UCD-SNMP-MIB Average number of processes being executed or waiting over the last 5 minutes.	SNMP agent	system.cpu.load.avg5
Check Point: Load average (15m avg)	MIB: UCD-SNMP-MIB Average number of processes being executed or waiting over the last 15 minutes.	SNMP agent	system.cpu.load.avg15
Check Point: CPU user time	MIB: CHECKPOINT-MIB Average time the CPU has spent running user processes that are not niced.	SNMP agent	system.cpu.user
Check Point: CPU system time	MIB: CHECKPOINT-MIB Average time the CPU has spent running the kernel and its processes.	SNMP agent	system.cpu.system
Check Point: CPU idle time	MIB: CHECKPOINT-MIB Average time the CPU has spent doing nothing.	SNMP agent	system.cpu.idle
Check Point: Context switches per second	MIB: UCD-SNMP-MIB Number of context switches per second.	SNMP agent	system.cpu.switches Preprocessing Change per second
Check Point: CPU interrupts per second	MIB: CHECKPOINT-MIB Number of interrupts processed per second.	SNMP agent	system.cpu.intr
Check Point: Total memory	MIB: CHECKPOINT-MIB Total real memory in bytes. Memory used by applications.	SNMP agent	vm.memory.total
Check Point: Active memory	MIB: CHECKPOINT-MIB Active real memory (memory used by applications that is not cached to the disk) in bytes.	SNMP agent	vm.memory.active
Check Point: Free memory	MIB: CHECKPOINT-MIB Free memory available for applications in bytes.	SNMP agent	vm.memory.free
Check Point: Used memory	Used real memory calculated by total real memory and free real memory in bytes.	Calculated	vm.memory.used
Check Point: Memory utilization	Memory utilization in %.	Calculated	vm.memory.util
Check Point: Encrypted packets per second	MIB: CHECKPOINT-MIB Number of encrypted packets per second.	SNMP agent	vpn.packets.encrypted Preprocessing Change per second
Check Point: Decrypted packets per second	MIB: CHECKPOINT-MIB Number of decrypted packets per second.	SNMP agent	vpn.packets.decrypted Preprocessing Change per second
Check Point: ICMP ping	Host accessibility by ICMP. 0 - ICMP ping fails. 1 - ICMP ping successful.	Simple check	icmpping
Check Point: ICMP loss	Percentage of lost packets.	Simple check	icmppingloss
Check Point: ICMP response time	ICMP ping response time (in seconds).	Simple check	icmppingsec
Check Point: SNMP agent availability	Availability of SNMP checks on the host. The value of this item corresponds to the availability icons in the host list. Possible values: 0 - not available 1 - available 2 - unknown	龙虎赌博 internal	zabbix[host,snmp,available]
Check Point: SNMP traps (fallback)	Used to collect all SNMP traps unmatched by other `snmptrap` items.	SNMP trap	snmptrap.fallback
Check Point: SNMP walk network interfaces	Used for discovering interfaces from IF-MIB.	SNMP agent	net.if.walk
Check Point: SNMP walk CPU	Used for discovering CPU from CHECKPOINT-MIB.	SNMP agent	system.cpu.walk
Check Point: SNMP walk VPN tunnels	Used for discovering VPN tunnels from CHECKPOINT-MIB.	SNMP agent	vpn.tunnel.walk
Check Point: SNMP walk disks	Used for discovering storage disks from CHECKPOINT-MIB.	SNMP agent	vfs.fs.walk
Check Point: SNMP walk temperature sensors	Used for discovering temperature sensors from CHECKPOINT-MIB.	SNMP agent	sensor.temp.walk
Check Point: SNMP walk fan sensors	Used for discovering fan sensors from CHECKPOINT-MIB.	SNMP agent	sensor.fan.walk
Check Point: SNMP walk voltage sensors	Used for discovering voltage sensors from CHECKPOINT-MIB.	SNMP agent	sensor.volt.walk
Check Point: SNMP walk PSU sensors	Used for discovering power supply sensors from CHECKPOINT-MIB.	SNMP agent	sensor.psu.walk
Check Point: SNMP walk svn features	Used for discovering software blades and features from CHECKPOINT-MIB.	SNMP agent	svn.feature.walk

Triggers

Name	Description	Expression	Severity	Dependencies and additional info
Check Point: Device has been replaced	The device serial number has changed. Acknowledge to close the problem manually.	`last(/Check Point Next Generation Firewall by SNMP/system.hw.serialnumber,#1)<>last(/Check Point Next Generation Firewall by SNMP/system.hw.serialnumber,#2) and length(last(/Check Point Next Generation Firewall by SNMP/system.hw.serialnumber))>0`	Info	Manual close: Yes
Check Point: System name has changed	The name of the system has changed. Acknowledge to close the problem manually.	`last(/Check Point Next Generation Firewall by SNMP/system.name,#1)<>last(/Check Point Next Generation Firewall by SNMP/system.name,#2) and length(last(/Check Point Next Generation Firewall by SNMP/system.name))>0`	Info	Manual close: Yes
Check Point: Device has been restarted	Uptime is less than 10 minutes.	`last(/Check Point Next Generation Firewall by SNMP/system.uptime)<10m`	Info	Manual close: Yes
Check Point: High CPU utilization	CPU utilization is too high. The system might be slow to respond.	`min(/Check Point Next Generation Firewall by SNMP/system.cpu.util,5m)>{$CPU.UTIL.CRIT}`	Warning
Check Point: Load average is too high	The load average per CPU is too high. The system may be slow to respond.	`min(/Check Point Next Generation Firewall by SNMP/system.cpu.load.avg1,5m)/last(/Check Point Next Generation Firewall by SNMP/system.cpu.num)>{$LOAD_AVG_PER_CPU.MAX.WARN} and last(/Check Point Next Generation Firewall by SNMP/system.cpu.load.avg5)>0 and last(/Check Point Next Generation Firewall by SNMP/system.cpu.load.avg15)>0`	Average
Check Point: High memory utilization	The system is running out of free memory.	`min(/Check Point Next Generation Firewall by SNMP/vm.memory.util,5m)>{$MEMORY.UTIL.MAX}`	Average
Check Point: Unavailable by ICMP ping	Last three attempts returned timeout. Please check device connectivity.	`max(/Check Point Next Generation Firewall by SNMP/icmpping,#3)=0`	High
Check Point: High ICMP ping loss	ICMP packet loss detected.	`min(/Check Point Next Generation Firewall by SNMP/icmppingloss,5m)>{$ICMP_LOSS_WARN} and min(/Check Point Next Generation Firewall by SNMP/icmppingloss,5m)<100`	Warning	Depends on: Check Point: Unavailable by ICMP ping
Check Point: High ICMP ping response time	Average ICMP response time is too high.	`avg(/Check Point Next Generation Firewall by SNMP/icmppingsec,5m)>{$ICMP_RESPONSE_TIME_WARN}`	Warning	Depends on: Check Point: Unavailable by ICMP ping Check Point: High ICMP ping loss
Check Point: No SNMP data collection	SNMP is not available for polling. Please check device connectivity and SNMP settings.	`max(/Check Point Next Generation Firewall by SNMP/zabbix[host,snmp,available],{$SNMP.TIMEOUT})=0`	Warning	Depends on: Check Point: Unavailable by ICMP ping

LLD rule Firewall discovery

Name Description Type Key and additional info

Firewall discovery

This discovery will create a set of firewall metrics from CHECKPOINT-MIB if the firewall is installed.

SNMP agent

fw.discovery

Preprocessing

JavaScript: The text is too long. Please see the template.

Item prototypes for Firewall discovery

Name	Description	Type	Key and additional info
Check Point Firewall: Firewall filter name{#SINGLETON}	MIB: CHECKPOINT-MIB Name of the firewall filter.	SNMP agent	fw.filter.name[fwFilterName.{#SNMPINDEX}] Preprocessing Discard unchanged with heartbeat: `1h`
Check Point Firewall: Firewall filter install time{#SINGLETON}	MIB: CHECKPOINT-MIB Last install time of the firewall filter.	SNMP agent	fw.filter.installed[fwFilterDate.{#SNMPINDEX}] Preprocessing JavaScript: `The text is too long. Please see the template.` Discard unchanged with heartbeat: `6h`
Check Point Firewall: Firewall version{#SINGLETON}	MIB: CHECKPOINT-MIB Current version of the firewall.	SNMP agent	fw.version[fwVersion.{#SNMPINDEX}] Preprocessing JavaScript: `The text is too long. Please see the template.` Discard unchanged with heartbeat: `1h`
Check Point Firewall: Accepted packets per second{#SINGLETON}	MIB: CHECKPOINT-MIB Number of accepted packets per second.	SNMP agent	fw.accepted[fwAccepted.{#SNMPINDEX}] Preprocessing Change per second
Check Point Firewall: Rejected packets per second{#SINGLETON}	MIB: CHECKPOINT-MIB Number of rejected packets per second.	SNMP agent	fw.rejected[fwRejected.{#SNMPINDEX}] Preprocessing Change per second
Check Point Firewall: Dropped packets per second{#SINGLETON}	MIB: CHECKPOINT-MIB Number of dropped packets per second.	SNMP agent	fw.dropped[fwDropped.{#SNMPINDEX}] Preprocessing Change per second
Check Point Firewall: Logged packets per second{#SINGLETON}	MIB: CHECKPOINT-MIB Number of logged packets per second.	SNMP agent	fw.logged[fwLogged.{#SNMPINDEX}] Preprocessing Change per second
Check Point Firewall: SIC Trust State{#SINGLETON}	MIB: CHECKPOINT-MIB Firewall SIC Trust State.	SNMP agent	fw.sic.trust.state[fwSICTrustState.{#SNMPINDEX}]
Check Point Firewall: Utilized drops number per second{#SINGLETON}	MIB: CHECKPOINT-MIB Number of dropped packets per second due to instance being fully utilized.	SNMP agent	fw.utilized.drops[fwFullyUtilizedDrops.{#SNMPINDEX}] Preprocessing Change per second
Check Point Firewall: Concurrent connections{#SINGLETON}	MIB: CHECKPOINT-MIB Number of concurrent IPv6 and IPv4 connections.	SNMP agent	fw.conn.num[fwNumConn.{#SNMPINDEX}]
Check Point Firewall: Peak concurrent connections{#SINGLETON}	MIB: CHECKPOINT-MIB Peak number of concurrent connections since last reboot.	SNMP agent	fw.conn.num.peak[fwPeakNumConn.{#SNMPINDEX}]

Trigger prototypes for Firewall discovery

Name	Description	Expression	Severity	Dependencies and additional info
Check Point Firewall: Instance is currently fully utilized	This trigger uses the number of dropped packets, an increase of which indicates that the instance is fully utilized.	`avg(/Check Point Next Generation Firewall by SNMP/fw.utilized.drops[fwFullyUtilizedDrops.{#SNMPINDEX}],5m)>{$FW.DROPPED.PACKETS.TH}`	High

LLD rule VPN discovery

Name Description Type Key and additional info

VPN discovery

For discovering VPN tunnels from CHECKPOINT-MIB.

Dependent item

vpn.discovery

Preprocessing

SNMP walk to JSON
Discard unchanged with heartbeat: 1h

Item prototypes for VPN discovery

Name	Description	Type	Key and additional info
VPN {#VPN.NAME}: Peer IP address	MIB: CHECKPOINT-MIB VPN peer IP address.	Dependent item	vpn.tunnel.peer_ip[tunnelPeerIpAddr.{#SNMPINDEX}] Preprocessing SNMP walk value: `1.3.6.1.4.1.2620.500.9002.1.1.{#SNMPINDEX}` Discard unchanged with heartbeat: `6h`
VPN {#VPN.NAME}: Tunnel state	MIB: CHECKPOINT-MIB VPN tunnel state: 3 - active 4 - destroy 129 - idle 130 - phase1 131 - down 132 - init	Dependent item	vpn.tunnel.state[tunnelState.{#SNMPINDEX}] Preprocessing SNMP walk value: `1.3.6.1.4.1.2620.500.9002.1.3.{#SNMPINDEX}` Discard unchanged with heartbeat: `1h`
VPN {#VPN.NAME}: Community	MIB: CHECKPOINT-MIB VPN tunnel community.	Dependent item	vpn.tunnel.community[tunnelCommunity.{#SNMPINDEX}] Preprocessing SNMP walk value: `1.3.6.1.4.1.2620.500.9002.1.4.{#SNMPINDEX}` Discard unchanged with heartbeat: `6h`
VPN {#VPN.NAME}: Tunnel interface	MIB: CHECKPOINT-MIB VPN tunnel interface.	Dependent item	vpn.tunnel.netif[tunnelInterface.{#SNMPINDEX}] Preprocessing SNMP walk value: `1.3.6.1.4.1.2620.500.9002.1.6.{#SNMPINDEX}` Discard unchanged with heartbeat: `6h`
VPN {#VPN.NAME}: Source IP	MIB: CHECKPOINT-MIB Source IP address.	Dependent item	vpn.tunnel.src_ip[tunnelSourceIpAddr.{#SNMPINDEX}] Preprocessing SNMP walk value: `1.3.6.1.4.1.2620.500.9002.1.7.{#SNMPINDEX}` Discard unchanged with heartbeat: `6h`
VPN {#VPN.NAME}: Link priority	MIB: CHECKPOINT-MIB Link priority.	Dependent item	vpn.tunnel.priority[tunnelLinkPriority.{#SNMPINDEX}] Preprocessing SNMP walk value: `1.3.6.1.4.1.2620.500.9002.1.8.{#SNMPINDEX}` Discard unchanged with heartbeat: `1h`
VPN {#VPN.NAME}: Probing state	MIB: CHECKPOINT-MIB VPN tunnel probing state: 0 - unknown 1 - alive 2 - dead	Dependent item	vpn.tunnel.prob_state[tunnelProbState.{#SNMPINDEX}] Preprocessing SNMP walk value: `1.3.6.1.4.1.2620.500.9002.1.9.{#SNMPINDEX}`
VPN {#VPN.NAME}: Peer type	MIB: CHECKPOINT-MIB VPN peer type.	Dependent item	vpn.tunnel.peer_type[tunnelPeerType.{#SNMPINDEX}] Preprocessing SNMP walk value: `1.3.6.1.4.1.2620.500.9002.1.10.{#SNMPINDEX}` Discard unchanged with heartbeat: `1h`
VPN {#VPN.NAME}: Tunnel type	MIB: CHECKPOINT-MIB VPN tunnel type.	Dependent item	vpn.tunnel.type[tunnelType.{#SNMPINDEX}] Preprocessing SNMP walk value: `1.3.6.1.4.1.2620.500.9002.1.11.{#SNMPINDEX}` Discard unchanged with heartbeat: `1h`

Trigger prototypes for VPN discovery

Name	Description	Expression	Severity	Dependencies and additional info
VPN {#VPN.NAME}: Tunnel down	This trigger expression works as follows: 1. It can be triggered if the current tunnel state is down. 2. `{$VPN.STATE.CONTROL:"{#VPN.NAME}"}=1` - a user can redefine the context macro to "0", marking this notification as not important. No new trigger will be fired if this tunnel is down.	`{$VPN.STATE.CONTROL:"{#VPN.NAME}"}=1 and last(/Check Point Next Generation Firewall by SNMP/vpn.tunnel.state[tunnelState.{#SNMPINDEX}])=131`	Average	Manual close: Yes

LLD rule CPU discovery

Name Description Type Key and additional info

CPU discovery

For discovering CPU from CHECKPOINT-MIB.

Dependent item

cpu.discovery

Preprocessing

SNMP walk to JSON
Discard unchanged with heartbeat: 1h

Item prototypes for CPU discovery

Name	Description	Type	Key and additional info
CPU Core {#CPU.ID}: CPU user time	MIB: CHECKPOINT-MIB The time the CPU `{#CPU.ID}` has spent running user processes that are not niced.	Dependent item	system.core.user[multiProcUserTime.{#CPU.ID}] Preprocessing SNMP walk value: `1.3.6.1.4.1.2620.1.6.7.5.1.4.{#SNMPINDEX}`
CPU Core {#CPU.ID}: CPU system time	MIB: CHECKPOINT-MIB The time the CPU `{#CPU.ID}` has spent running the kernel and its processes.	Dependent item	system.core.system[multiProcSystemTime.{#CPU.ID}] Preprocessing SNMP walk value: `1.3.6.1.4.1.2620.1.6.7.5.1.3.{#SNMPINDEX}`
CPU Core {#CPU.ID}: CPU idle time	MIB: CHECKPOINT-MIB The time the CPU `{#CPU.ID}` has spent doing nothing.	Dependent item	system.core.idle[multiProcIdleTime.{#CPU.ID}] Preprocessing SNMP walk value: `1.3.6.1.4.1.2620.1.6.7.5.1.2.{#SNMPINDEX}`
CPU Core {#CPU.ID}: CPU utilization	MIB: CHECKPOINT-MIB CPU `{#CPU.ID}` utilization in %.	Dependent item	system.core.util[multiProcUsage.{#CPU.ID}] Preprocessing SNMP walk value: `1.3.6.1.4.1.2620.1.6.7.5.1.5.{#SNMPINDEX}`

LLD rule Storage discovery

Name Description Type Key and additional info

Storage discovery

For discovering storage disks from CHECKPOINT-MIB.

Dependent item

vfs.fs.discovery

Preprocessing

SNMP walk to JSON
Discard unchanged with heartbeat: 1h

Item prototypes for Storage discovery

Name	Description	Type	Key and additional info
{#DISK.NAME}: Total disk space	MIB: CHECKPOINT-MIB Total disk size in bytes.	Dependent item	vfs.fs.total[multiDiskSize.{#SNMPINDEX}] Preprocessing SNMP walk value: `1.3.6.1.4.1.2620.1.6.7.6.1.3.{#SNMPINDEX}` Discard unchanged with heartbeat: `6h`
{#DISK.NAME}: Used disk space	MIB: CHECKPOINT-MIB Amount of disk used in bytes.	Dependent item	vfs.fs.used[multiDiskUsed.{#SNMPINDEX}] Preprocessing SNMP walk value: `1.3.6.1.4.1.2620.1.6.7.6.1.4.{#SNMPINDEX}`
{#DISK.NAME}: Free disk space	MIB: CHECKPOINT-MIB Free disk capacity in bytes.	Dependent item	vfs.fs.free[multiDiskFreeTotalBytes.{#SNMPINDEX}] Preprocessing SNMP walk value: `1.3.6.1.4.1.2620.1.6.7.6.1.5.{#SNMPINDEX}`
{#DISK.NAME}: Available disk space	MIB: CHECKPOINT-MIB Available free disk (not reserved by the OS) in bytes.	Dependent item	vfs.fs.avail[multiDiskFreeAvailableBytes.{#SNMPINDEX}] Preprocessing SNMP walk value: `1.3.6.1.4.1.2620.1.6.7.6.1.7.{#SNMPINDEX}`
{#DISK.NAME}: Disk space utilization	Space utilization calculated by the free percentage metric `multiDiskFreeTotalPercent`, expressed in %	Dependent item	vfs.fs.pused[multiDiskUsagePercent.{#SNMPINDEX}] Preprocessing SNMP walk value: `1.3.6.1.4.1.2620.1.6.7.6.1.6.{#SNMPINDEX}` JavaScript: `return 100 - Number(value);`

Trigger prototypes for Storage discovery

Name	Description	Expression	Severity	Dependencies and additional info
{#DISK.NAME}: Disk space is critically low	Two conditions should match: 1. The first condition - utilization of the space should be above `{$DISK.PUSED.MAX.CRIT:"{#DISK.NAME}"}`. 2. The second condition should be one of the following: - the disk free space is less than `{$DISK.FREE.MIN.CRIT:"{#DISK.NAME}"}`; - the disk will be full in less than 24 hours.	`last(/Check Point Next Generation Firewall by SNMP/vfs.fs.pused[multiDiskUsagePercent.{#SNMPINDEX}])>{$DISK.PUSED.MAX.CRIT:"{#DISK.NAME}"} and (last(/Check Point Next Generation Firewall by SNMP/vfs.fs.total[multiDiskSize.{#SNMPINDEX}])-last(/Check Point Next Generation Firewall by SNMP/vfs.fs.used[multiDiskUsed.{#SNMPINDEX}]))<{$DISK.FREE.MIN.CRIT:"{#DISK.NAME}"}`	Average	Manual close: Yes
{#DISK.NAME}: Disk space is low	Two conditions should match: 1. The first condition - utilization of the space should be above `{$DISK.PUSED.MAX.WARN:"{#DISK.NAME}"}`. 2. The second condition should be one of the following: - the disk free space is less than `{$DISK.FREE.MIN.WARN:"{#DISK.NAME}"}`; - the disk will be full in less than 24 hours.	`last(/Check Point Next Generation Firewall by SNMP/vfs.fs.pused[multiDiskUsagePercent.{#SNMPINDEX}])>{$DISK.PUSED.MAX.WARN:"{#DISK.NAME}"} and (last(/Check Point Next Generation Firewall by SNMP/vfs.fs.total[multiDiskSize.{#SNMPINDEX}])-last(/Check Point Next Generation Firewall by SNMP/vfs.fs.used[multiDiskUsed.{#SNMPINDEX}]))<{$DISK.FREE.MIN.WARN:"{#DISK.NAME}"}`	Warning	Manual close: Yes Depends on: {#DISK.NAME}: Disk space is critically low

LLD rule Network interfaces discovery

Name Description Type Key and additional info

Network interfaces discovery

For discovering interfaces from IF-MIB.

Dependent item

net.if.discovery

Preprocessing

SNMP walk to JSON
Discard unchanged with heartbeat: 1h

Item prototypes for Network interfaces discovery

Name	Description	Type	Key and additional info
Interface {#IFNAME}({#IFALIAS}): Operational status	MIB: IF-MIB The current operational state of the interface. - The `testing(3)` state indicates that no operational packets can be passed. - If `ifAdminStatus` is `down(2)`, then `ifOperStatus` should be `down(2)`. - If `ifAdminStatus` is changed to `up(1)`, then `ifOperStatus` should change to `up(1)` if the interface is ready to transmit and receive network traffic. - It should change to `dormant(5)` if the interface is waiting for external actions (such as a serial line waiting for an incoming connection). - It should remain in the `down(2)` state if and only if there is a fault that prevents it from going to the `up(1)` state. - It should remain in the `notPresent(6)` state if the interface has missing (typically, hardware) components.	Dependent item	net.if.status[ifOperStatus.{#SNMPINDEX}] Preprocessing SNMP walk value: `1.3.6.1.2.1.2.2.1.8.{#SNMPINDEX}`
Interface {#IFNAME}({#IFALIAS}): Bits received	MIB: IF-MIB The total number of octets received on the interface, including framing characters. This object is a 64-bit version of `ifInOctets`. Discontinuities in the value of this counter can occur at re-initialization of the management system and at other times as indicated by the value of `ifCounterDiscontinuityTime`.	Dependent item	net.if.in[ifInOctets.{#SNMPINDEX}] Preprocessing SNMP walk value: `1.3.6.1.2.1.31.1.1.1.6.{#SNMPINDEX}` Change per second Custom multiplier: `8`
Interface {#IFNAME}({#IFALIAS}): Bits sent	MIB: IF-MIB The total number of octets transmitted out of the interface, including framing characters. This object is a 64-bit version of `ifOutOctets`. Discontinuities in the value of this counter can occur at re-initialization of the management system and at other times as indicated by the value of `ifCounterDiscontinuityTime`.	Dependent item	net.if.out[ifOutOctets.{#SNMPINDEX}] Preprocessing SNMP walk value: `1.3.6.1.2.1.31.1.1.1.10.{#SNMPINDEX}` Change per second Custom multiplier: `8`
Interface {#IFNAME}({#IFALIAS}): Inbound packets with errors	MIB: IF-MIB For packet-oriented interfaces - the number of inbound packets that contained errors preventing them from being deliverable to a higher-layer protocol. For character-oriented or fixed-length interfaces - the number of inbound transmission units that contained errors preventing them from being deliverable to a higher-layer protocol. Discontinuities in the value of this counter can occur at re-initialization of the management system and at other times as indicated by the value of `ifCounterDiscontinuityTime`.	Dependent item	net.if.in.errors[ifInErrors.{#SNMPINDEX}] Preprocessing SNMP walk value: `1.3.6.1.2.1.2.2.1.14.{#SNMPINDEX}` Change per second
Interface {#IFNAME}({#IFALIAS}): Outbound packets with errors	MIB: IF-MIB For packet-oriented interfaces - the number of outbound packets that contained errors preventing them from being deliverable to a higher-layer protocol. For character-oriented or fixed-length interfaces - the number of outbound transmission units that contained errors preventing them from being deliverable to a higher-layer protocol. Discontinuities in the value of this counter can occur at re-initialization of the management system and at other times as indicated by the value of `ifCounterDiscontinuityTime`.	Dependent item	net.if.out.errors[ifOutErrors.{#SNMPINDEX}] Preprocessing SNMP walk value: `1.3.6.1.2.1.2.2.1.20.{#SNMPINDEX}` Change per second
Interface {#IFNAME}({#IFALIAS}): Outbound packets discarded	MIB: IF-MIB The number of outbound packets which were chosen to be discarded even though no errors had been detected to prevent their being deliverable to a higher-layer protocol. One possible reason for discarding such a packet could be to free up buffer space. Discontinuities in the value of this counter can occur at re-initialization of the management system, and at other times as indicated by the value of `ifCounterDiscontinuityTime`.	Dependent item	net.if.out.discards[ifOutDiscards.{#SNMPINDEX}] Preprocessing SNMP walk value: `1.3.6.1.2.1.2.2.1.19.{#SNMPINDEX}` Change per second
Interface {#IFNAME}({#IFALIAS}): Inbound packets discarded	MIB: IF-MIB The number of inbound packets which were chosen to be discarded even though no errors had been detected to prevent their being deliverable to a higher-layer protocol. One possible reason for discarding such a packet could be to free up buffer space. Discontinuities in the value of this counter can occur at re-initialization of the management system, and at other times as indicated by the value of `ifCounterDiscontinuityTime`.	Dependent item	net.if.in.discards[ifInDiscards.{#SNMPINDEX}] Preprocessing SNMP walk value: `1.3.6.1.2.1.2.2.1.13.{#SNMPINDEX}` Change per second
Interface {#IFNAME}({#IFALIAS}): Interface type	MIB: IF-MIB The type of interface. Additional values for `ifType` are assigned by the Internet Assigned Numbers Authority (IANA) through updating the syntax of the IANAifType textual convention.	Dependent item	net.if.type[ifType.{#SNMPINDEX}] Preprocessing SNMP walk value: `1.3.6.1.2.1.2.2.1.3.{#SNMPINDEX}` Discard unchanged with heartbeat: `1d`
Interface {#IFNAME}({#IFALIAS}): Speed	MIB: IF-MIB An estimate of the interface's current bandwidth in units of 1,000,000 bits per second. If this object reports a value of `n`, then the speed of the interface is somewhere in the range of `n-500,000` to `n+499,999`. For interfaces that do not vary in bandwidth or for those where no accurate estimation can be made, this object should contain the nominal bandwidth. For a sub-layer which has no concept of bandwidth, this object should be zero.	Dependent item	net.if.speed[ifSpeed.{#SNMPINDEX}] Preprocessing SNMP walk value: `1.3.6.1.2.1.31.1.1.1.15.{#SNMPINDEX}` Custom multiplier: `1000000` Discard unchanged with heartbeat: `1h`

Trigger prototypes for Network interfaces discovery

Name	Description	Expression	Severity	Dependencies and additional info
Interface {#IFNAME}({#IFALIAS}): Link down	This trigger expression works as follows: 1. It can be triggered if the interface link status is down. 2. `{$NET.IF.CONTROL:"{#IFNAME}"}=1` - a user can redefine the context macro to "0", marking this interface as not important. No new trigger will be fired if this interface link is down. 3. `{TEMPLATE_NAME:METRIC.diff()}=1` - the trigger fires only if the interface link status was up to "1" sometime before. WARNING: If closed manually, it will not fire again on the next poll because of `diff`.	`{$NET.IF.CONTROL:"{#IFNAME}"}=1 and last(/Check Point Next Generation Firewall by SNMP/net.if.status[ifOperStatus.{#SNMPINDEX}])=2 and (last(/Check Point Next Generation Firewall by SNMP/net.if.status[ifOperStatus.{#SNMPINDEX}],#1)<>last(/Check Point Next Generation Firewall by SNMP/net.if.status[ifOperStatus.{#SNMPINDEX}],#2))`	Average	Manual close: Yes
Interface {#IFNAME}({#IFALIAS}): High bandwidth usage	The utilization of the network interface is close to its estimated maximum bandwidth.	(avg(/Check Point Next Generation Firewall by SNMP/net.if.in[ifInOctets.{#SNMPINDEX}],15m)>({$NET.IF.UTIL.MAX:"{#IFNAME}"}/100)last(/Check Point Next Generation Firewall by SNMP/net.if.speed[ifSpeed.{#SNMPINDEX}]) or avg(/Check Point Next Generation Firewall by SNMP/net.if.out[ifOutOctets.{#SNMPINDEX}],15m)>({$NET.IF.UTIL.MAX:"{#IFNAME}"}/100)last(/Check Point Next Generation Firewall by SNMP/net.if.speed[ifSpeed.{#SNMPINDEX}])) and last(/Check Point Next Generation Firewall by SNMP/net.if.speed[ifSpeed.{#SNMPINDEX}])>0	Warning	Manual close: Yes Depends on: Interface {#IFNAME}({#IFALIAS}): Link down
Interface {#IFNAME}({#IFALIAS}): High error rate	It recovers when it is below 80% of the `{$NET.IF.ERRORS.WARN:"{#IFNAME}"}` threshold.	`min(/Check Point Next Generation Firewall by SNMP/net.if.in.errors[ifInErrors.{#SNMPINDEX}],5m)>{$NET.IF.ERRORS.WARN:"{#IFNAME}"} or min(/Check Point Next Generation Firewall by SNMP/net.if.out.errors[ifOutErrors.{#SNMPINDEX}],5m)>{$NET.IF.ERRORS.WARN:"{#IFNAME}"}`	Warning	Manual close: Yes Depends on: Interface {#IFNAME}({#IFALIAS}): Link down
Interface {#IFNAME}({#IFALIAS}): Ethernet has changed to lower speed than it was before	This Ethernet connection has transitioned down from its known maximum speed. This might be a sign of autonegotiation issues. Acknowledge to close the problem manually.	change(/Check Point Next Generation Firewall by SNMP/net.if.speed[ifSpeed.{#SNMPINDEX}])<0 and last(/Check Point Next Generation Firewall by SNMP/net.if.speed[ifSpeed.{#SNMPINDEX}])>0 and ( last(/Check Point Next Generation Firewall by SNMP/net.if.type[ifType.{#SNMPINDEX}])=6 or last(/Check Point Next Generation Firewall by SNMP/net.if.type[ifType.{#SNMPINDEX}])=7 or last(/Check Point Next Generation Firewall by SNMP/net.if.type[ifType.{#SNMPINDEX}])=11 or last(/Check Point Next Generation Firewall by SNMP/net.if.type[ifType.{#SNMPINDEX}])=62 or last(/Check Point Next Generation Firewall by SNMP/net.if.type[ifType.{#SNMPINDEX}])=69 or last(/Check Point Next Generation Firewall by SNMP/net.if.type[ifType.{#SNMPINDEX}])=117 ) and (last(/Check Point Next Generation Firewall by SNMP/net.if.status[ifOperStatus.{#SNMPINDEX}])<>2)	Info	Manual close: Yes Depends on: Interface {#IFNAME}({#IFALIAS}): Link down

LLD rule Temperature discovery

Name Description Type Key and additional info

Temperature discovery

For discovering temperature sensors from CHECKPOINT-MIB.

Dependent item

temperature.discovery

Preprocessing

SNMP walk to JSON
Discard unchanged with heartbeat: 1h

Item prototypes for Temperature discovery

Name Description Type Key and additional info

{#SENSOR.NAME}: Temperature

MIB: CHECKPOINT-MIB

Current temperature reading in degrees Celsius from the hardware component's temperature sensor.

Dependent item

sensor.temp.value[tempertureSensorValue.{#SNMPINDEX}]

Preprocessing

SNMP walk value: 1.3.6.1.4.1.2620.1.6.7.8.1.1.3.{#SNMPINDEX}

Trigger prototypes for Temperature discovery

Name	Description	Expression	Severity	Dependencies and additional info
{#SENSOR.NAME}: Temperature is above critical threshold	This trigger uses temperature sensor values.	`avg(/Check Point Next Generation Firewall by SNMP/sensor.temp.value[tempertureSensorValue.{#SNMPINDEX}],5m)>{$TEMP.VALUE.CRIT:"{#SENSOR.NAME}"}`	High
{#SENSOR.NAME}: Temperature is above warning threshold	This trigger uses temperature sensor values.	`avg(/Check Point Next Generation Firewall by SNMP/sensor.temp.value[tempertureSensorValue.{#SNMPINDEX}],5m)>{$TEMP.VALUE.WARN:"{#SENSOR.NAME}"}`	Warning	Depends on: {#SENSOR.NAME}: Temperature is above critical threshold
{#SENSOR.NAME}: Temperature is too low	This trigger uses temperature sensor values.	`avg(/Check Point Next Generation Firewall by SNMP/sensor.temp.value[tempertureSensorValue.{#SNMPINDEX}],5m)<{$TEMP.VALUE.LOW:"{#SENSOR.NAME}"}`	Average

LLD rule FAN discovery

Name Description Type Key and additional info

FAN discovery

For discovering fan sensors from CHECKPOINT-MIB.

Dependent item

fan.discovery

Preprocessing

SNMP walk to JSON
Discard unchanged with heartbeat: 1h

Item prototypes for FAN discovery

Name Description Type Key and additional info

FAN {#SNMPINDEX}: Fan status

MIB: CHECKPOINT-MIB

Current status of the fan tray.

Dependent item

sensor.fan.status[fanSpeedSensorStatus.{#SNMPINDEX}]

Preprocessing

SNMP walk value: 1.3.6.1.4.1.2620.1.6.7.8.2.1.6.{#SNMPINDEX}

FAN {#SNMPINDEX}: Fan speed

MIB: CHECKPOINT-MIB

Current speed of the fan.

Dependent item

sensor.fan.speed[fanSpeedSensorValue.{#SNMPINDEX}]

Preprocessing

SNMP walk value: 1.3.6.1.4.1.2620.1.6.7.8.2.1.3.{#SNMPINDEX}

Trigger prototypes for FAN discovery

Name	Description	Expression	Severity	Dependencies and additional info
FAN {#SNMPINDEX}: Fan speed is out of range	Please check the fan unit.	`count(/Check Point Next Generation Firewall by SNMP/sensor.fan.status[fanSpeedSensorStatus.{#SNMPINDEX}],#3,"eq",1)=3`	Average

LLD rule Voltage discovery

Name Description Type Key and additional info

Voltage discovery

For discovering voltage sensors from CHECKPOINT-MIB.

Dependent item

voltage.discovery

Preprocessing

SNMP walk to JSON
Discard unchanged with heartbeat: 1h

Item prototypes for Voltage discovery

Name Description Type Key and additional info

{#SENSOR.NAME}: Voltage value

MIB: CHECKPOINT-MIB

Most recent measurement obtained by the agent for this sensor.

Dependent item

sensor.volt.value[voltageSensorValue.{#SNMPINDEX}]

Preprocessing

SNMP walk value: 1.3.6.1.4.1.2620.1.6.7.8.3.1.3.{#SNMPINDEX}

LLD rule PSU discovery

Name Description Type Key and additional info

PSU discovery

For discovering power supply sensors from CHECKPOINT-MIB.

Dependent item

psu.discovery

Preprocessing

SNMP walk to JSON
Discard unchanged with heartbeat: 1h

Item prototypes for PSU discovery

Name Description Type Key and additional info

PSU {#SNMPINDEX}: Power supply status

MIB: CHECKPOINT-MIB

Power supply status.

Dependent item

sensor.psu.status[powerSupplyStatus.{#SNMPINDEX}]

Preprocessing

SNMP walk value: 1.3.6.1.4.1.2620.1.6.7.9.1.1.2.{#SNMPINDEX}
JavaScript: The text is too long. Please see the template.
Discard unchanged with heartbeat: 1h

Trigger prototypes for PSU discovery

Name	Description	Expression	Severity	Dependencies and additional info
PSU {#SNMPINDEX}: Power supply is in down state	Please check the power supply unit for errors.	`count(/Check Point Next Generation Firewall by SNMP/sensor.psu.status[powerSupplyStatus.{#SNMPINDEX}],#3,"eq",1)=3`	Average

LLD rule Software blades discovery

Name Description Type Key and additional info

Software blades discovery

For discovering software blades and features from CHECKPOINT-MIB.

Dependent item

svn.sw.discovery

Preprocessing

SNMP walk to JSON
Discard unchanged with heartbeat: 1h

Item prototypes for Software blades discovery

Name	Description	Type	Key and additional info
{#SW.NAME}: License state	MIB: CHECKPOINT-MIB Current license state of the software blade.	Dependent item	svn.sw.license.state[licensingState.{#SNMPINDEX}] Preprocessing SNMP walk value: `1.3.6.1.4.1.2620.1.6.18.1.1.5.{#SNMPINDEX}` Discard unchanged with heartbeat: `6h`
{#SW.NAME}: License expiration date	MIB: CHECKPOINT-MIB Expiration date for the license of the software blade. Doesn't return a value if the license doesn't have an expiration date.	Dependent item	svn.sw.license.exp_date[licensingExpirationDate.{#SNMPINDEX}] Preprocessing SNMP walk value: `1.3.6.1.4.1.2620.1.6.18.1.1.6.{#SNMPINDEX}` Does not match regular expression: `^0$` ??Custom on fail: Discard value Discard unchanged with heartbeat: `6h`
{#SW.NAME}: Software blade status	MIB: CHECKPOINT-MIB Current software blade status.	Dependent item	svn.sw.status[licensingBladeActive.{#SNMPINDEX}] Preprocessing SNMP walk value: `1.3.6.1.4.1.2620.1.6.18.1.1.8.{#SNMPINDEX}` Discard unchanged with heartbeat: `1h`
{#SW.NAME}: License total quota	MIB: CHECKPOINT-MIB Total quota amount for the license of the software blade.	Dependent item	svn.sw.license.quota.total[licensingTotalQuota.{#SNMPINDEX}] Preprocessing SNMP walk value: `1.3.6.1.4.1.2620.1.6.18.1.1.9.{#SNMPINDEX}` Discard unchanged with heartbeat: `6h`
{#SW.NAME}: License used quota	MIB: CHECKPOINT-MIB Used quota amount for the license of the software blade.	Dependent item	svn.sw.license.quota.used[licensingUsedQuota.{#SNMPINDEX}] Preprocessing SNMP walk value: `1.3.6.1.4.1.2620.1.6.18.1.1.10.{#SNMPINDEX}` Discard unchanged with heartbeat: `1h`

Trigger prototypes for Software blades discovery

Name	Description	Expression	Severity	Dependencies and additional info
{#SW.NAME}: License expires soon	This trigger expression works as follows: 1. It can be triggered if the license expires soon. 2. `{$LICENSE.CONTROL:"{#SW.NAME}"}=1` - a user can redefine the context macro to "0", marking the current license as not important. No new trigger will be fired if this license expires.	`{$LICENSE.CONTROL:"{#SW.NAME}"}=1 and (last(/Check Point Next Generation Firewall by SNMP/svn.sw.license.exp_date[licensingExpirationDate.{#SNMPINDEX}]) - now()) / 86400 < {$LICENSE.EXPIRY.WARN:"{#SW.NAME}"} and last(/Check Point Next Generation Firewall by SNMP/svn.sw.license.exp_date[licensingExpirationDate.{#SNMPINDEX}]) > now()`	Warning	Manual close: Yes
{#SW.NAME}: License has been expired	This trigger expression works as follows: 1. It can be triggered if the license has been expired. 2. `{$LICENSE.CONTROL:"{#SW.NAME}"}=1` - a user can redefine the context macro to "0", marking the current license as not important. No new trigger will be fired if this license is expired.	`{$LICENSE.CONTROL:"{#SW.NAME}"}=1 and (last(/Check Point Next Generation Firewall by SNMP/svn.sw.license.exp_date[licensingExpirationDate.{#SNMPINDEX}]) - now()) / 86400 < now()`	Average	Manual close: Yes

Feedback

Please report any issues with the template at

You can also provide feedback, discuss the template, or ask for help at ZABBIX forums

This template is for 龙虎赌博 version: 6.0

Also available for: 7.2 7.0 6.4

Source:

Check Point Next Generation Firewall by SNMP

Overview

This template is designed for the effortless deployment of Check Point Next Generation Firewall monitoring by 龙虎赌博 via SNMP and doesn't require any external scripts.

Requirements

龙虎赌博 version: 6.0 and higher.

Tested versions

This template has been tested on:

Check Point 4800 Appliance Next Generation Firewall

Configuration

龙虎赌博 should be configured according to the instructions in the Templates out of the box section.

Setup

Refer to vendor .

Macros used

Name	Description	Default
{$CPU.UTIL.CRIT}	Threshold of CPU utilization for the Warning trigger in %.	`90`
{$LOAD_AVG_PER_CPU.MAX.WARN}	Load per CPU considered sustainable. Change if needed.	`1.5`
{$ICMP_LOSS_WARN}	Threshold of ICMP packet loss for the Warning trigger in %.	`20`
{$ICMP_RESPONSE_TIME_WARN}	Threshold of average ICMP response time for the Warning trigger in seconds.	`0.15`
{$SNMP.TIMEOUT}	Time interval for the SNMP availability trigger.	`5m`
{$MEMORY.UTIL.MAX}	Warning threshold for the item "Physical memory: Memory utilization".	`90`
{$FW.DROPPED.PACKETS.TH}	Used in Firewall discovery.	`0`
{$DISK.FREE.MIN.CRIT}	Critical threshold of disk space usage.	`5G`
{$DISK.FREE.MIN.WARN}	Warning threshold of disk space usage.	`10G`
{$DISK.PUSED.MAX.WARN}	Disk utilization threshold for Warning trigger in %.	`80`
{$DISK.PUSED.MAX.CRIT}	Disk utilization threshold for Critical trigger in %.	`90`
{$DISK.NAME.MATCHES}	Used in Storage discovery. Can be overridden on the host or linked template level.	`.+`
{$DISK.NAME.NOT_MATCHES}	Used in Storage discovery. Can be overridden on the host or linked template level.	`^(/dev\|/sys\|/run\|/proc\|.+/shm$)`
{$VPN.NAME.MATCHES}	Used in VPN discovery. Can be overridden on the host or linked template level.	`.*`
{$VPN.NAME.NOT_MATCHES}	Used in VPN discovery. Can be overridden on the host or linked template level.	`CHANGE_IF_NEEDED`
{$VPN.STATE.CONTROL}	Used in the "Tunnel down" trigger. Can be used with the interface name as context.	`1`
{$NET.IF.ERRORS.WARN}	Threshold of error packet rate for the Warning trigger. Can be used with the interface name as context.	`2`
{$NET.IF.UTIL.MAX}	Threshold of interface bandwidth utilization for the Warning trigger in %. Can be used with interface name as context.	`95`
{$NET.IF.CONTROL}	Macro for the interface operational state for the "Link down" trigger. Can be used with the interface name as context.	`1`
{$NET.IF.IFADMINSTATUS.MATCHES}	Used in Network interfaces discovery. Can be overridden on the host or linked template level.	`.*`
{$NET.IF.IFADMINSTATUS.NOT_MATCHES}	Used in Network interfaces discovery. Can be overridden on the host or linked template level.	`^2$`
{$NET.IF.IFDESCR.MATCHES}	Used in Network interfaces discovery. Can be overridden on the host or linked template level.	`.*`
{$NET.IF.IFDESCR.NOT_MATCHES}	Used in Network interfaces discovery. Can be overridden on the host or linked template level.	`CHANGE_IF_NEEDED`
{$NET.IF.IFNAME.MATCHES}	Used in Network interfaces discovery. Can be overridden on the host or linked template level.	`.*`
{$NET.IF.IFNAME.NOT_MATCHES}	Used in Network interfaces discovery. Can be overridden on the host or linked template level.	`CHANGE_IF_NEEDED`
{$NET.IF.IFOPERSTATUS.MATCHES}	Used in Network interfaces discovery. Can be overridden on the host or linked template level.	`.*`
{$NET.IF.IFOPERSTATUS.NOT_MATCHES}	Used in Network interfaces discovery. Can be overridden on the host or linked template level.	`^6$`
{$NET.IF.IFTYPE.MATCHES}	Used in Network interfaces discovery. Can be overridden on the host or linked template level.	`.*`
{$NET.IF.IFTYPE.NOT_MATCHES}	Used in Network interfaces discovery. Can be overridden on the host or linked template level.	`CHANGE_IF_NEEDED`
{$NET.IF.IFALIAS.MATCHES}	Used in Network interfaces discovery. Can be overridden on the host or linked template level.	`.*`
{$NET.IF.IFALIAS.NOT_MATCHES}	Used in Network interfaces discovery. Can be overridden on the host or linked template level.	`CHANGE_IF_NEEDED`
{$TEMP.NAME.MATCHES}	Used in Temperature discovery. Can be overridden on the host or linked template level.	`.*`
{$TEMP.NAME.NOT_MATCHES}	Used in Temperature discovery. Can be overridden on the host or linked template level.	`CHANGE_IF_NEEDED`
{$TEMP.VALUE.LOW}	Used in Temperature discovery. Can be overridden on the host or linked template level.	`5`
{$TEMP.VALUE.CRIT}	Used in Temperature discovery. Can be overridden on the host or linked template level.	`75`
{$TEMP.VALUE.WARN}	Used in Temperature discovery. Can be overridden on the host or linked template level.	`65`
{$VOLT.NAME.MATCHES}	Used in Voltage discovery. Can be overridden on the host or linked template level.	`.*`
{$VOLT.NAME.NOT_MATCHES}	Used in Voltage discovery. Can be overridden on the host or linked template level.	`CHANGE_IF_NEEDED`
{$SW.NAME.MATCHES}	Used in Software blade discovery. Can be overridden on the host or linked template level.	`.*`
{$SW.NAME.NOT_MATCHES}	Used in Software blade discovery. Can be overridden on the host or linked template level.	`CHANGE_IF_NEEDED`
{$LICENSE.EXPIRY.WARN}	Number of days until the license expires.	`7`
{$LICENSE.CONTROL}	Used in Software blade discovery. Can be overridden on the host or linked template level.	`1`

Items

Name	Description	Type	Key and additional info
Check Point: Appliance product name	MIB: CHECKPOINT-MIB Appliance product name.	SNMP agent	system.hw.model Preprocessing Discard unchanged with heartbeat: `1d`
Check Point: Appliance serial number	MIB: CHECKPOINT-MIB Appliance serial number.	SNMP agent	system.hw.serialnumber Preprocessing Discard unchanged with heartbeat: `1d`
Check Point: Appliance manufacturer	MIB: CHECKPOINT-MIB Appliance manufacturer.	SNMP agent	system.hw.manufacturer Preprocessing Discard unchanged with heartbeat: `1d`
Check Point: Remote Access users	MIB: CHECKPOINT-MIB Number of remote access users.	SNMP agent	remote.users.number Preprocessing JSON Path: `$.length()`
Check Point: System contact details	MIB: SNMPv2-MIB Name and contact information of the contact person for the node. If not provided, the value is a zero-length string.	SNMP agent	system.contact Preprocessing Discard unchanged with heartbeat: `12h`
Check Point: System description	MIB: SNMPv2-MIB Full name and version identification of the system's hardware type, software operating system, and networking software.	SNMP agent	system.descr Preprocessing Discard unchanged with heartbeat: `12h`
Check Point: System location	MIB: SNMPv2-MIB Physical location of the node (e.g., `equipment room`, `3rd floor`). If not provided, the value is a zero-length string.	SNMP agent	system.location Preprocessing Discard unchanged with heartbeat: `12h`
Check Point: System name	MIB: SNMPv2-MIB An administratively-assigned name for the node (the node's fully-qualified domain name). If not provided, the value is a zero-length string.	SNMP agent	system.name Preprocessing Discard unchanged with heartbeat: `12h`
Check Point: System object ID	MIB: SNMPv2-MIB The vendor's authoritative identification of the entity as part of the vendor's SMI enterprises subtree with the prefix 1.3.6.1.4.1 (e.g., a vendor with the identifier 1.3.6.1.4.1.4242 might assign a system object with the OID 1.3.6.1.4.1.4242.1.1).	SNMP agent	system.objectid Preprocessing Discard unchanged with heartbeat: `12h`
Check Point: System uptime	MIB: HOST-RESOURCES-V2-MIB Time since the network management portion of the system was last re-initialized.	SNMP agent	system.uptime Preprocessing Custom multiplier: `0.01`
Check Point: Number of CPUs	MIB: CHECKPOINT-MIB Number of processors.	SNMP agent	system.cpu.num Preprocessing Discard unchanged with heartbeat: `1h`
Check Point: CPU utilization	MIB: CHECKPOINT-MIB CPU utilization per core in %.	SNMP agent	system.cpu.util
Check Point: Load average (1m avg)	MIB: UCD-SNMP-MIB Average number of processes being executed or waiting over the last minute.	SNMP agent	system.cpu.load.avg1
Check Point: Load average (5m avg)	MIB: UCD-SNMP-MIB Average number of processes being executed or waiting over the last 5 minutes.	SNMP agent	system.cpu.load.avg5
Check Point: Load average (15m avg)	MIB: UCD-SNMP-MIB Average number of processes being executed or waiting over the last 15 minutes.	SNMP agent	system.cpu.load.avg15
Check Point: CPU user time	MIB: CHECKPOINT-MIB Average time the CPU has spent running user processes that are not niced.	SNMP agent	system.cpu.user
Check Point: CPU system time	MIB: CHECKPOINT-MIB Average time the CPU has spent running the kernel and its processes.	SNMP agent	system.cpu.system
Check Point: CPU idle time	MIB: CHECKPOINT-MIB Average time the CPU has spent doing nothing.	SNMP agent	system.cpu.idle
Check Point: Context switches per second	MIB: UCD-SNMP-MIB Number of context switches per second.	SNMP agent	system.cpu.switches Preprocessing Change per second
Check Point: CPU interrupts per second	MIB: CHECKPOINT-MIB Number of interrupts processed per second.	SNMP agent	system.cpu.intr
Check Point: Total memory	MIB: CHECKPOINT-MIB Total real memory in bytes. Memory used by applications.	SNMP agent	vm.memory.total
Check Point: Active memory	MIB: CHECKPOINT-MIB Active real memory (memory used by applications that is not cached to the disk) in bytes.	SNMP agent	vm.memory.active
Check Point: Free memory	MIB: CHECKPOINT-MIB Free memory available for applications in bytes.	SNMP agent	vm.memory.free
Check Point: Used memory	Used real memory calculated by total real memory and free real memory in bytes.	Calculated	vm.memory.used
Check Point: Memory utilization	Memory utilization in %.	Calculated	vm.memory.util
Check Point: Encrypted packets per second	MIB: CHECKPOINT-MIB Number of encrypted packets per second.	SNMP agent	vpn.packets.encrypted Preprocessing Change per second
Check Point: Decrypted packets per second	MIB: CHECKPOINT-MIB Number of decrypted packets per second.	SNMP agent	vpn.packets.decrypted Preprocessing Change per second
Check Point: ICMP ping	Host accessibility by ICMP. 0 - ICMP ping fails. 1 - ICMP ping successful.	Simple check	icmpping
Check Point: ICMP loss	Percentage of lost packets.	Simple check	icmppingloss
Check Point: ICMP response time	ICMP ping response time (in seconds).	Simple check	icmppingsec
Check Point: SNMP agent availability	Availability of SNMP checks on the host. The value of this item corresponds to the availability icons in the host list. Possible values: 0 - not available 1 - available 2 - unknown	龙虎赌博 internal	zabbix[host,snmp,available]
Check Point: SNMP traps (fallback)	Used to collect all SNMP traps unmatched by other `snmptrap` items.	SNMP trap	snmptrap.fallback

Triggers

Name	Description	Expression	Severity	Dependencies and additional info
Check Point: Device has been replaced	The device serial number has changed. Acknowledge to close the problem manually.	`last(/Check Point Next Generation Firewall by SNMP/system.hw.serialnumber,#1)<>last(/Check Point Next Generation Firewall by SNMP/system.hw.serialnumber,#2) and length(last(/Check Point Next Generation Firewall by SNMP/system.hw.serialnumber))>0`	Info	Manual close: Yes
Check Point: System name has changed	The name of the system has changed. Acknowledge to close the problem manually.	`last(/Check Point Next Generation Firewall by SNMP/system.name,#1)<>last(/Check Point Next Generation Firewall by SNMP/system.name,#2) and length(last(/Check Point Next Generation Firewall by SNMP/system.name))>0`	Info	Manual close: Yes
Check Point: Device has been restarted	Uptime is less than 10 minutes.	`last(/Check Point Next Generation Firewall by SNMP/system.uptime)<10m`	Info	Manual close: Yes
Check Point: High CPU utilization	CPU utilization is too high. The system might be slow to respond.	`min(/Check Point Next Generation Firewall by SNMP/system.cpu.util,5m)>{$CPU.UTIL.CRIT}`	Warning
Check Point: Load average is too high	The load average per CPU is too high. The system may be slow to respond.	`min(/Check Point Next Generation Firewall by SNMP/system.cpu.load.avg1,5m)/last(/Check Point Next Generation Firewall by SNMP/system.cpu.num)>{$LOAD_AVG_PER_CPU.MAX.WARN} and last(/Check Point Next Generation Firewall by SNMP/system.cpu.load.avg5)>0 and last(/Check Point Next Generation Firewall by SNMP/system.cpu.load.avg15)>0`	Average
Check Point: High memory utilization	The system is running out of free memory.	`min(/Check Point Next Generation Firewall by SNMP/vm.memory.util,5m)>{$MEMORY.UTIL.MAX}`	Average
Check Point: Unavailable by ICMP ping	Last three attempts returned timeout. Please check device connectivity.	`max(/Check Point Next Generation Firewall by SNMP/icmpping,#3)=0`	High
Check Point: High ICMP ping loss	ICMP packet loss detected.	`min(/Check Point Next Generation Firewall by SNMP/icmppingloss,5m)>{$ICMP_LOSS_WARN} and min(/Check Point Next Generation Firewall by SNMP/icmppingloss,5m)<100`	Warning	Depends on: Check Point: Unavailable by ICMP ping
Check Point: High ICMP ping response time	Average ICMP response time is too high.	`avg(/Check Point Next Generation Firewall by SNMP/icmppingsec,5m)>{$ICMP_RESPONSE_TIME_WARN}`	Warning	Depends on: Check Point: Unavailable by ICMP ping Check Point: High ICMP ping loss
Check Point: No SNMP data collection	SNMP is not available for polling. Please check device connectivity and SNMP settings.	`max(/Check Point Next Generation Firewall by SNMP/zabbix[host,snmp,available],{$SNMP.TIMEOUT})=0`	Warning	Depends on: Check Point: Unavailable by ICMP ping

LLD rule Firewall discovery

Name Description Type Key and additional info

Firewall discovery

This discovery will create a set of firewall metrics from CHECKPOINT-MIB if the firewall is installed.

SNMP agent

fw.discovery

Preprocessing

JavaScript: The text is too long. Please see the template.

Item prototypes for Firewall discovery

Name	Description	Type	Key and additional info
Check Point Firewall: Firewall filter name{#SINGLETON}	MIB: CHECKPOINT-MIB Name of the firewall filter.	SNMP agent	fw.filter.name[fwFilterName.{#SNMPINDEX}] Preprocessing Discard unchanged with heartbeat: `1h`
Check Point Firewall: Firewall filter install time{#SINGLETON}	MIB: CHECKPOINT-MIB Last install time of the firewall filter.	SNMP agent	fw.filter.installed[fwFilterDate.{#SNMPINDEX}] Preprocessing JavaScript: `The text is too long. Please see the template.` Discard unchanged with heartbeat: `6h`
Check Point Firewall: Firewall version{#SINGLETON}	MIB: CHECKPOINT-MIB Current version of the firewall.	SNMP agent	fw.version[fwVersion.{#SNMPINDEX}] Preprocessing JavaScript: `The text is too long. Please see the template.` Discard unchanged with heartbeat: `1h`
Check Point Firewall: Accepted packets per second{#SINGLETON}	MIB: CHECKPOINT-MIB Number of accepted packets per second.	SNMP agent	fw.accepted[fwAccepted.{#SNMPINDEX}] Preprocessing Change per second
Check Point Firewall: Rejected packets per second{#SINGLETON}	MIB: CHECKPOINT-MIB Number of rejected packets per second.	SNMP agent	fw.rejected[fwRejected.{#SNMPINDEX}] Preprocessing Change per second
Check Point Firewall: Dropped packets per second{#SINGLETON}	MIB: CHECKPOINT-MIB Number of dropped packets per second.	SNMP agent	fw.dropped[fwDropped.{#SNMPINDEX}] Preprocessing Change per second
Check Point Firewall: Logged packets per second{#SINGLETON}	MIB: CHECKPOINT-MIB Number of logged packets per second.	SNMP agent	fw.logged[fwLogged.{#SNMPINDEX}] Preprocessing Change per second
Check Point Firewall: SIC Trust State{#SINGLETON}	MIB: CHECKPOINT-MIB Firewall SIC Trust State.	SNMP agent	fw.sic.trust.state[fwSICTrustState.{#SNMPINDEX}]
Check Point Firewall: Utilized drops number per second{#SINGLETON}	MIB: CHECKPOINT-MIB Number of dropped packets per second due to instance being fully utilized.	SNMP agent	fw.utilized.drops[fwFullyUtilizedDrops.{#SNMPINDEX}] Preprocessing Change per second
Check Point Firewall: Concurrent connections{#SINGLETON}	MIB: CHECKPOINT-MIB Number of concurrent IPv6 and IPv4 connections.	SNMP agent	fw.conn.num[fwNumConn.{#SNMPINDEX}]
Check Point Firewall: Peak concurrent connections{#SINGLETON}	MIB: CHECKPOINT-MIB Peak number of concurrent connections since last reboot.	SNMP agent	fw.conn.num.peak[fwPeakNumConn.{#SNMPINDEX}]

Trigger prototypes for Firewall discovery

Name	Description	Expression	Severity	Dependencies and additional info
Check Point Firewall: Instance is currently fully utilized	This trigger uses the number of dropped packets, an increase of which indicates that the instance is fully utilized.	`avg(/Check Point Next Generation Firewall by SNMP/fw.utilized.drops[fwFullyUtilizedDrops.{#SNMPINDEX}],5m)>{$FW.DROPPED.PACKETS.TH}`	High

LLD rule VPN discovery

Name	Description	Type	Key and additional info
VPN discovery	For discovering VPN tunnels from CHECKPOINT-MIB.	SNMP agent	vpn.discovery

Item prototypes for VPN discovery

Name	Description	Type	Key and additional info
VPN {#VPN.NAME}: Peer IP address	MIB: CHECKPOINT-MIB VPN peer IP address.	SNMP agent	vpn.tunnel.peer_ip[tunnelPeerIpAddr.{#SNMPINDEX}] Preprocessing Discard unchanged with heartbeat: `6h`
VPN {#VPN.NAME}: Tunnel state	MIB: CHECKPOINT-MIB VPN tunnel state: 3 - active 4 - destroy 129 - idle 130 - phase1 131 - down 132 - init	SNMP agent	vpn.tunnel.state[tunnelState.{#SNMPINDEX}] Preprocessing Discard unchanged with heartbeat: `1h`
VPN {#VPN.NAME}: Community	MIB: CHECKPOINT-MIB VPN tunnel community.	SNMP agent	vpn.tunnel.community[tunnelCommunity.{#SNMPINDEX}] Preprocessing Discard unchanged with heartbeat: `6h`
VPN {#VPN.NAME}: Tunnel interface	MIB: CHECKPOINT-MIB VPN tunnel interface.	SNMP agent	vpn.tunnel.netif[tunnelInterface.{#SNMPINDEX}] Preprocessing Discard unchanged with heartbeat: `6h`
VPN {#VPN.NAME}: Source IP	MIB: CHECKPOINT-MIB Source IP address.	SNMP agent	vpn.tunnel.src_ip[tunnelSourceIpAddr.{#SNMPINDEX}] Preprocessing Discard unchanged with heartbeat: `6h`
VPN {#VPN.NAME}: Link priority	MIB: CHECKPOINT-MIB Link priority.	SNMP agent	vpn.tunnel.priority[tunnelLinkPriority.{#SNMPINDEX}] Preprocessing Discard unchanged with heartbeat: `1h`
VPN {#VPN.NAME}: Probing state	MIB: CHECKPOINT-MIB VPN tunnel probing state: 0 - unknown 1 - alive 2 - dead	SNMP agent	vpn.tunnel.prob_state[tunnelProbState.{#SNMPINDEX}]
VPN {#VPN.NAME}: Peer type	MIB: CHECKPOINT-MIB VPN peer type.	SNMP agent	vpn.tunnel.peer_type[tunnelPeerType.{#SNMPINDEX}] Preprocessing Discard unchanged with heartbeat: `1h`
VPN {#VPN.NAME}: Tunnel type	MIB: CHECKPOINT-MIB VPN tunnel type.	SNMP agent	vpn.tunnel.type[tunnelType.{#SNMPINDEX}] Preprocessing Discard unchanged with heartbeat: `1h`

Trigger prototypes for VPN discovery

Name	Description	Expression	Severity	Dependencies and additional info
VPN {#VPN.NAME}: Tunnel down	This trigger expression works as follows: 1. It can be triggered if the current tunnel state is down. 2. `{$VPN.STATE.CONTROL:"{#VPN.NAME}"}=1` - a user can redefine the context macro to "0", marking this notification as not important. No new trigger will be fired if this tunnel is down.	`{$VPN.STATE.CONTROL:"{#VPN.NAME}"}=1 and last(/Check Point Next Generation Firewall by SNMP/vpn.tunnel.state[tunnelState.{#SNMPINDEX}])=131`	Average	Manual close: Yes

LLD rule CPU discovery

Name	Description	Type	Key and additional info
CPU discovery	For discovering CPU from CHECKPOINT-MIB.	SNMP agent	cpu.discovery

Item prototypes for CPU discovery

Name	Description	Type	Key and additional info
CPU Core {#CPU.ID}: CPU user time	MIB: CHECKPOINT-MIB The time the CPU `{#CPU.ID}` has spent running user processes that are not niced.	SNMP agent	system.core.user[multiProcUserTime.{#CPU.ID}]
CPU Core {#CPU.ID}: CPU system time	MIB: CHECKPOINT-MIB The time the CPU `{#CPU.ID}` has spent running the kernel and its processes.	SNMP agent	system.core.system[multiProcSystemTime.{#CPU.ID}]
CPU Core {#CPU.ID}: CPU idle time	MIB: CHECKPOINT-MIB The time the CPU `{#CPU.ID}` has spent doing nothing.	SNMP agent	system.core.idle[multiProcIdleTime.{#CPU.ID}]
CPU Core {#CPU.ID}: CPU utilization	MIB: CHECKPOINT-MIB CPU `{#CPU.ID}` utilization in %.	SNMP agent	system.core.util[multiProcUsage.{#CPU.ID}]

LLD rule Storage discovery

Name	Description	Type	Key and additional info
Storage discovery	For discovering storage disks from CHECKPOINT-MIB.	SNMP agent	vfs.fs.discovery

Item prototypes for Storage discovery

Name	Description	Type	Key and additional info
{#DISK.NAME}: Total disk space	MIB: CHECKPOINT-MIB Total disk size in bytes.	SNMP agent	vfs.fs.total[multiDiskSize.{#SNMPINDEX}] Preprocessing Discard unchanged with heartbeat: `6h`
{#DISK.NAME}: Used disk space	MIB: CHECKPOINT-MIB Amount of disk used in bytes.	SNMP agent	vfs.fs.used[multiDiskUsed.{#SNMPINDEX}]
{#DISK.NAME}: Free disk space	MIB: CHECKPOINT-MIB Free disk capacity in bytes.	SNMP agent	vfs.fs.free[multiDiskFreeTotalBytes.{#SNMPINDEX}]
{#DISK.NAME}: Available disk space	MIB: CHECKPOINT-MIB Available free disk (not reserved by the OS) in bytes.	SNMP agent	vfs.fs.avail[multiDiskFreeAvailableBytes.{#SNMPINDEX}]
{#DISK.NAME}: Disk space utilization	Space utilization calculated by the free percentage metric `multiDiskFreeTotalPercent`, expressed in %	SNMP agent	vfs.fs.pused[multiDiskUsagePercent.{#SNMPINDEX}] Preprocessing JavaScript: `return 100 - Number(value);`

Trigger prototypes for Storage discovery

Name	Description	Expression	Severity	Dependencies and additional info
{#DISK.NAME}: Disk space is critically low	Two conditions should match: 1. The first condition - utilization of the space should be above `{$DISK.PUSED.MAX.CRIT:"{#DISK.NAME}"}`. 2. The second condition should be one of the following: - the disk free space is less than `{$DISK.FREE.MIN.CRIT:"{#DISK.NAME}"}`; - the disk will be full in less than 24 hours.	`last(/Check Point Next Generation Firewall by SNMP/vfs.fs.pused[multiDiskUsagePercent.{#SNMPINDEX}])>{$DISK.PUSED.MAX.CRIT:"{#DISK.NAME}"} and (last(/Check Point Next Generation Firewall by SNMP/vfs.fs.total[multiDiskSize.{#SNMPINDEX}])-last(/Check Point Next Generation Firewall by SNMP/vfs.fs.used[multiDiskUsed.{#SNMPINDEX}]))<{$DISK.FREE.MIN.CRIT:"{#DISK.NAME}"}`	Average	Manual close: Yes
{#DISK.NAME}: Disk space is low	Two conditions should match: 1. The first condition - utilization of the space should be above `{$DISK.PUSED.MAX.WARN:"{#DISK.NAME}"}`. 2. The second condition should be one of the following: - the disk free space is less than `{$DISK.FREE.MIN.WARN:"{#DISK.NAME}"}`; - the disk will be full in less than 24 hours.	`last(/Check Point Next Generation Firewall by SNMP/vfs.fs.pused[multiDiskUsagePercent.{#SNMPINDEX}])>{$DISK.PUSED.MAX.WARN:"{#DISK.NAME}"} and (last(/Check Point Next Generation Firewall by SNMP/vfs.fs.total[multiDiskSize.{#SNMPINDEX}])-last(/Check Point Next Generation Firewall by SNMP/vfs.fs.used[multiDiskUsed.{#SNMPINDEX}]))<{$DISK.FREE.MIN.WARN:"{#DISK.NAME}"}`	Warning	Manual close: Yes Depends on: {#DISK.NAME}: Disk space is critically low

LLD rule Network interfaces discovery

Name Description Type Key and additional info

Network interfaces discovery

For discovering interfaces from IF-MIB.

SNMP agent

net.if.discovery

Preprocessing

Discard unchanged with heartbeat: 1h

Item prototypes for Network interfaces discovery

Name	Description	Type	Key and additional info
Interface {#IFNAME}({#IFALIAS}): Operational status	MIB: IF-MIB The current operational state of the interface. - The `testing(3)` state indicates that no operational packets can be passed. - If `ifAdminStatus` is `down(2)`, then `ifOperStatus` should be `down(2)`. - If `ifAdminStatus` is changed to `up(1)`, then `ifOperStatus` should change to `up(1)` if the interface is ready to transmit and receive network traffic. - It should change to `dormant(5)` if the interface is waiting for external actions (such as a serial line waiting for an incoming connection). - It should remain in the `down(2)` state if and only if there is a fault that prevents it from going to the `up(1)` state. - It should remain in the `notPresent(6)` state if the interface has missing (typically, hardware) components.	SNMP agent	net.if.status[ifOperStatus.{#SNMPINDEX}]
Interface {#IFNAME}({#IFALIAS}): Bits received	MIB: IF-MIB The total number of octets received on the interface, including framing characters. This object is a 64-bit version of `ifInOctets`. Discontinuities in the value of this counter can occur at re-initialization of the management system and at other times as indicated by the value of `ifCounterDiscontinuityTime`.	SNMP agent	net.if.in[ifInOctets.{#SNMPINDEX}] Preprocessing Change per second Custom multiplier: `8`
Interface {#IFNAME}({#IFALIAS}): Bits sent	MIB: IF-MIB The total number of octets transmitted out of the interface, including framing characters. This object is a 64-bit version of `ifOutOctets`. Discontinuities in the value of this counter can occur at re-initialization of the management system and at other times as indicated by the value of `ifCounterDiscontinuityTime`.	SNMP agent	net.if.out[ifOutOctets.{#SNMPINDEX}] Preprocessing Change per second Custom multiplier: `8`
Interface {#IFNAME}({#IFALIAS}): Inbound packets with errors	MIB: IF-MIB For packet-oriented interfaces - the number of inbound packets that contained errors preventing them from being deliverable to a higher-layer protocol. For character-oriented or fixed-length interfaces - the number of inbound transmission units that contained errors preventing them from being deliverable to a higher-layer protocol. Discontinuities in the value of this counter can occur at re-initialization of the management system and at other times as indicated by the value of `ifCounterDiscontinuityTime`.	SNMP agent	net.if.in.errors[ifInErrors.{#SNMPINDEX}] Preprocessing Change per second
Interface {#IFNAME}({#IFALIAS}): Outbound packets with errors	MIB: IF-MIB For packet-oriented interfaces - the number of outbound packets that contained errors preventing them from being deliverable to a higher-layer protocol. For character-oriented or fixed-length interfaces - the number of outbound transmission units that contained errors preventing them from being deliverable to a higher-layer protocol. Discontinuities in the value of this counter can occur at re-initialization of the management system and at other times as indicated by the value of `ifCounterDiscontinuityTime`.	SNMP agent	net.if.out.errors[ifOutErrors.{#SNMPINDEX}] Preprocessing Change per second
Interface {#IFNAME}({#IFALIAS}): Outbound packets discarded	MIB: IF-MIB The number of outbound packets which were chosen to be discarded even though no errors had been detected to prevent their being deliverable to a higher-layer protocol. One possible reason for discarding such a packet could be to free up buffer space. Discontinuities in the value of this counter can occur at re-initialization of the management system, and at other times as indicated by the value of `ifCounterDiscontinuityTime`.	SNMP agent	net.if.out.discards[ifOutDiscards.{#SNMPINDEX}] Preprocessing Change per second
Interface {#IFNAME}({#IFALIAS}): Inbound packets discarded	MIB: IF-MIB The number of inbound packets which were chosen to be discarded even though no errors had been detected to prevent their being deliverable to a higher-layer protocol. One possible reason for discarding such a packet could be to free up buffer space. Discontinuities in the value of this counter can occur at re-initialization of the management system, and at other times as indicated by the value of `ifCounterDiscontinuityTime`.	SNMP agent	net.if.in.discards[ifInDiscards.{#SNMPINDEX}] Preprocessing Change per second
Interface {#IFNAME}({#IFALIAS}): Interface type	MIB: IF-MIB The type of interface. Additional values for `ifType` are assigned by the Internet Assigned Numbers Authority (IANA) through updating the syntax of the IANAifType textual convention.	SNMP agent	net.if.type[ifType.{#SNMPINDEX}] Preprocessing Discard unchanged with heartbeat: `1d`
Interface {#IFNAME}({#IFALIAS}): Speed	MIB: IF-MIB An estimate of the interface's current bandwidth in units of 1,000,000 bits per second. If this object reports a value of `n`, then the speed of the interface is somewhere in the range of `n-500,000` to `n+499,999`. For interfaces that do not vary in bandwidth or for those where no accurate estimation can be made, this object should contain the nominal bandwidth. For a sub-layer which has no concept of bandwidth, this object should be zero.	SNMP agent	net.if.speed[ifSpeed.{#SNMPINDEX}] Preprocessing Custom multiplier: `1000000` Discard unchanged with heartbeat: `1h`

Trigger prototypes for Network interfaces discovery

Name	Description	Expression	Severity	Dependencies and additional info
Interface {#IFNAME}({#IFALIAS}): Link down	This trigger expression works as follows: 1. It can be triggered if the interface link status is down. 2. `{$NET.IF.CONTROL:"{#IFNAME}"}=1` - a user can redefine the context macro to "0", marking this interface as not important. No new trigger will be fired if this interface link is down. 3. `{TEMPLATE_NAME:METRIC.diff()}=1` - the trigger fires only if the interface link status was up to "1" sometime before. WARNING: If closed manually, it will not fire again on the next poll because of `diff`.	`{$NET.IF.CONTROL:"{#IFNAME}"}=1 and last(/Check Point Next Generation Firewall by SNMP/net.if.status[ifOperStatus.{#SNMPINDEX}])=2 and (last(/Check Point Next Generation Firewall by SNMP/net.if.status[ifOperStatus.{#SNMPINDEX}],#1)<>last(/Check Point Next Generation Firewall by SNMP/net.if.status[ifOperStatus.{#SNMPINDEX}],#2))`	Average	Manual close: Yes
Interface {#IFNAME}({#IFALIAS}): High bandwidth usage	The utilization of the network interface is close to its estimated maximum bandwidth.	(avg(/Check Point Next Generation Firewall by SNMP/net.if.in[ifInOctets.{#SNMPINDEX}],15m)>({$NET.IF.UTIL.MAX:"{#IFNAME}"}/100)last(/Check Point Next Generation Firewall by SNMP/net.if.speed[ifSpeed.{#SNMPINDEX}]) or avg(/Check Point Next Generation Firewall by SNMP/net.if.out[ifOutOctets.{#SNMPINDEX}],15m)>({$NET.IF.UTIL.MAX:"{#IFNAME}"}/100)last(/Check Point Next Generation Firewall by SNMP/net.if.speed[ifSpeed.{#SNMPINDEX}])) and last(/Check Point Next Generation Firewall by SNMP/net.if.speed[ifSpeed.{#SNMPINDEX}])>0	Warning	Manual close: Yes Depends on: Interface {#IFNAME}({#IFALIAS}): Link down
Interface {#IFNAME}({#IFALIAS}): High error rate	It recovers when it is below 80% of the `{$NET.IF.ERRORS.WARN:"{#IFNAME}"}` threshold.	`min(/Check Point Next Generation Firewall by SNMP/net.if.in.errors[ifInErrors.{#SNMPINDEX}],5m)>{$NET.IF.ERRORS.WARN:"{#IFNAME}"} or min(/Check Point Next Generation Firewall by SNMP/net.if.out.errors[ifOutErrors.{#SNMPINDEX}],5m)>{$NET.IF.ERRORS.WARN:"{#IFNAME}"}`	Warning	Manual close: Yes Depends on: Interface {#IFNAME}({#IFALIAS}): Link down
Interface {#IFNAME}({#IFALIAS}): Ethernet has changed to lower speed than it was before	This Ethernet connection has transitioned down from its known maximum speed. This might be a sign of autonegotiation issues. Acknowledge to close the problem manually.	change(/Check Point Next Generation Firewall by SNMP/net.if.speed[ifSpeed.{#SNMPINDEX}])<0 and last(/Check Point Next Generation Firewall by SNMP/net.if.speed[ifSpeed.{#SNMPINDEX}])>0 and ( last(/Check Point Next Generation Firewall by SNMP/net.if.type[ifType.{#SNMPINDEX}])=6 or last(/Check Point Next Generation Firewall by SNMP/net.if.type[ifType.{#SNMPINDEX}])=7 or last(/Check Point Next Generation Firewall by SNMP/net.if.type[ifType.{#SNMPINDEX}])=11 or last(/Check Point Next Generation Firewall by SNMP/net.if.type[ifType.{#SNMPINDEX}])=62 or last(/Check Point Next Generation Firewall by SNMP/net.if.type[ifType.{#SNMPINDEX}])=69 or last(/Check Point Next Generation Firewall by SNMP/net.if.type[ifType.{#SNMPINDEX}])=117 ) and (last(/Check Point Next Generation Firewall by SNMP/net.if.status[ifOperStatus.{#SNMPINDEX}])<>2)	Info	Manual close: Yes Depends on: Interface {#IFNAME}({#IFALIAS}): Link down

LLD rule Temperature discovery

Name	Description	Type	Key and additional info
Temperature discovery	For discovering temperature sensors from CHECKPOINT-MIB.	SNMP agent	temperature.discovery

Item prototypes for Temperature discovery

Name

Description

Type

Key and additional info

{#SENSOR.NAME}: Temperature

MIB: CHECKPOINT-MIB

Current temperature reading in degrees Celsius from the hardware component's temperature sensor.

SNMP agent

sensor.temp.value[tempertureSensorValue.{#SNMPINDEX}]

Trigger prototypes for Temperature discovery

Name	Description	Expression	Severity	Dependencies and additional info
{#SENSOR.NAME}: Temperature is above critical threshold	This trigger uses temperature sensor values.	`avg(/Check Point Next Generation Firewall by SNMP/sensor.temp.value[tempertureSensorValue.{#SNMPINDEX}],10m)>{$TEMP.VALUE.CRIT:"{#SENSOR.NAME}"}`	High
{#SENSOR.NAME}: Temperature is above warning threshold	This trigger uses temperature sensor values.	`avg(/Check Point Next Generation Firewall by SNMP/sensor.temp.value[tempertureSensorValue.{#SNMPINDEX}],10m)>{$TEMP.VALUE.WARN:"{#SENSOR.NAME}"}`	Warning	Depends on: {#SENSOR.NAME}: Temperature is above critical threshold
{#SENSOR.NAME}: Temperature is too low	This trigger uses temperature sensor values.	`avg(/Check Point Next Generation Firewall by SNMP/sensor.temp.value[tempertureSensorValue.{#SNMPINDEX}],10m)<{$TEMP.VALUE.LOW:"{#SENSOR.NAME}"}`	Average

LLD rule FAN discovery

Name	Description	Type	Key and additional info
FAN discovery	For discovering fan sensors from CHECKPOINT-MIB.	SNMP agent	fan.discovery

Item prototypes for FAN discovery

Name

Description

Type

Key and additional info

FAN {#SNMPINDEX}: Fan status

MIB: CHECKPOINT-MIB

Current status of the fan tray.

SNMP agent

sensor.fan.status[fanSpeedSensorStatus.{#SNMPINDEX}]

FAN {#SNMPINDEX}: Fan speed

MIB: CHECKPOINT-MIB

Current speed of the fan.

SNMP agent

sensor.fan.speed[fanSpeedSensorValue.{#SNMPINDEX}]

Trigger prototypes for FAN discovery

Name	Description	Expression	Severity	Dependencies and additional info
FAN {#SNMPINDEX}: Fan speed is out of range	Please check the fan unit.	`count(/Check Point Next Generation Firewall by SNMP/sensor.fan.status[fanSpeedSensorStatus.{#SNMPINDEX}],#3,"eq",1)=3`	Average

LLD rule Voltage discovery

Name	Description	Type	Key and additional info
Voltage discovery	For discovering voltage sensors from CHECKPOINT-MIB.	SNMP agent	voltage.discovery

Item prototypes for Voltage discovery

Name

Description

Type

Key and additional info

{#SENSOR.NAME}: Voltage value

MIB: CHECKPOINT-MIB

Most recent measurement obtained by the agent for this sensor.

SNMP agent

sensor.volt.value[voltageSensorValue.{#SNMPINDEX}]

LLD rule PSU discovery

Name	Description	Type	Key and additional info
PSU discovery	For discovering power supply sensors from CHECKPOINT-MIB.	SNMP agent	psu.discovery

Item prototypes for PSU discovery

Name Description Type Key and additional info

PSU {#SNMPINDEX}: Power supply status

MIB: CHECKPOINT-MIB

Power supply status.

SNMP agent

sensor.psu.status[powerSupplyStatus.{#SNMPINDEX}]

Preprocessing

JavaScript: The text is too long. Please see the template.
Discard unchanged with heartbeat: 1h

Trigger prototypes for PSU discovery

Name	Description	Expression	Severity	Dependencies and additional info
PSU {#SNMPINDEX}: Power supply is in down state	Please check the power supply unit for errors.	`count(/Check Point Next Generation Firewall by SNMP/sensor.psu.status[powerSupplyStatus.{#SNMPINDEX}],#3,"eq",1)=3`	Average

LLD rule Software blades discovery

Name	Description	Type	Key and additional info
Software blades discovery	For discovering software blades and features from CHECKPOINT-MIB.	SNMP agent	svn.sw.discovery

Item prototypes for Software blades discovery

Name	Description	Type	Key and additional info
{#SW.NAME}: License state	MIB: CHECKPOINT-MIB Current license state of the software blade.	SNMP agent	svn.sw.license.state[licensingState.{#SNMPINDEX}] Preprocessing Discard unchanged with heartbeat: `6h`
{#SW.NAME}: License expiration date	MIB: CHECKPOINT-MIB Expiration date for the license of the software blade. Doesn't return a value if the license doesn't have an expiration date.	SNMP agent	svn.sw.license.exp_date[licensingExpirationDate.{#SNMPINDEX}] Preprocessing Does not match regular expression: `^0$` ??Custom on fail: Discard value Discard unchanged with heartbeat: `6h`
{#SW.NAME}: Software blade status	MIB: CHECKPOINT-MIB Current software blade status.	SNMP agent	svn.sw.status[licensingBladeActive.{#SNMPINDEX}] Preprocessing Discard unchanged with heartbeat: `1h`
{#SW.NAME}: License total quota	MIB: CHECKPOINT-MIB Total quota amount for the license of the software blade.	SNMP agent	svn.sw.license.quota.total[licensingTotalQuota.{#SNMPINDEX}] Preprocessing Discard unchanged with heartbeat: `6h`
{#SW.NAME}: License used quota	MIB: CHECKPOINT-MIB Used quota amount for the license of the software blade.	SNMP agent	svn.sw.license.quota.used[licensingUsedQuota.{#SNMPINDEX}] Preprocessing Discard unchanged with heartbeat: `1h`

Trigger prototypes for Software blades discovery

Name	Description	Expression	Severity	Dependencies and additional info
{#SW.NAME}: License expires soon	This trigger expression works as follows: 1. It can be triggered if the license expires soon. 2. `{$LICENSE.CONTROL:"{#SW.NAME}"}=1` - a user can redefine the context macro to "0", marking the current license as not important. No new trigger will be fired if this license expires.	`{$LICENSE.CONTROL:"{#SW.NAME}"}=1 and (last(/Check Point Next Generation Firewall by SNMP/svn.sw.license.exp_date[licensingExpirationDate.{#SNMPINDEX}]) - now()) / 86400 < {$LICENSE.EXPIRY.WARN:"{#SW.NAME}"} and last(/Check Point Next Generation Firewall by SNMP/svn.sw.license.exp_date[licensingExpirationDate.{#SNMPINDEX}]) > now()`	Warning	Manual close: Yes
{#SW.NAME}: License has been expired	This trigger expression works as follows: 1. It can be triggered if the license has been expired. 2. `{$LICENSE.CONTROL:"{#SW.NAME}"}=1` - a user can redefine the context macro to "0", marking the current license as not important. No new trigger will be fired if this license is expired.	`{$LICENSE.CONTROL:"{#SW.NAME}"}=1 and (last(/Check Point Next Generation Firewall by SNMP/svn.sw.license.exp_date[licensingExpirationDate.{#SNMPINDEX}]) - now()) / 86400 < now()`	Average	Manual close: Yes

Feedback

Please report any issues with the template at

You can also provide feedback, discuss the template, or ask for help at ZABBIX forums

Link	Source	Compatibility	Type, Technology	Created Updated
Checkpoint VPN-1 Use this template to monitor Checkpoint firewalls VPN activity.The following value map must be created for the Checkpoint templates collection :"Checkpoint standard status"0 ? OK1 ? Warning2 ? ErrorThe advsnmp.discovery external script (https://github.com/simonkowallik/龙虎赌博-Addons/tree/master/advsnmp.discovery)	GitHub Community Templates	5.0+
CheckPoint FW-1 Interfaces Use this template to monitor Checkpoint firewalls interfaces and packet filtering.The following value map must be created for the Checkpoint templates collection :"Checkpoint standard status"0 ? OK1 ? Warning2 ? ErrorThe advsnmp.discovery external script (https://github.com/simonkowallik/龙虎赌博-Addons/tree/master/advsnmp.discovery)	GitHub Community Templates	5.0+
CheckPoint FW-1 Use this template to monitor Checkpoint firewalls CPU, mem, HA status and FW-1 activity.The following value map must be created for the Checkpoint templates collection :"Checkpoint standard status"0 ? OK1 ? Warning2 ? ErrorThe advsnmp.discovery external script (https://github.com/simonkowallik/龙虎赌博-Addons/tree/master/advsnmp.discovery)	GitHub Community Templates	5.0+
CheckPoint SNMP	GitHub Community Templates	5.0+
Pointix - Integrating Check Point and 龙虎赌博 Pointix uses the Check Point API to obtain all of the devices on the network and the 龙虎赌博 API for adding all of the devices to be monitored.	GitHub 6		Python	2020-02-27 3 y

龙虎赌博 + Check Point

Check Point

Dostupná ?别?别苍í

Check Point Next Generation Firewall by SNMP

Overview

Requirements

Tested versions

Configuration

Setup

Macros used

Items

Triggers

LLD rule Firewall discovery

Item prototypes for Firewall discovery

Trigger prototypes for Firewall discovery

LLD rule VPN discovery

Item prototypes for VPN discovery

Trigger prototypes for VPN discovery

LLD rule CPU discovery

Item prototypes for CPU discovery

LLD rule Storage discovery

Item prototypes for Storage discovery

Trigger prototypes for Storage discovery

LLD rule Network interfaces discovery

Item prototypes for Network interfaces discovery

Trigger prototypes for Network interfaces discovery

LLD rule Temperature discovery

Item prototypes for Temperature discovery

Trigger prototypes for Temperature discovery

LLD rule FAN discovery

Item prototypes for FAN discovery

Trigger prototypes for FAN discovery

LLD rule Voltage discovery

Item prototypes for Voltage discovery

LLD rule PSU discovery

Item prototypes for PSU discovery

Trigger prototypes for PSU discovery

LLD rule Software blades discovery

Item prototypes for Software blades discovery

Trigger prototypes for Software blades discovery

Feedback

Check Point Next Generation Firewall by SNMP

Overview

Requirements

Tested versions

Configuration

Setup

Macros used

Items

Triggers

LLD rule Firewall discovery

Item prototypes for Firewall discovery

Trigger prototypes for Firewall discovery

LLD rule VPN discovery

Item prototypes for VPN discovery

Trigger prototypes for VPN discovery

LLD rule CPU discovery

Item prototypes for CPU discovery

LLD rule Storage discovery

Item prototypes for Storage discovery

Trigger prototypes for Storage discovery

LLD rule Network interfaces discovery

Item prototypes for Network interfaces discovery

Trigger prototypes for Network interfaces discovery

LLD rule Temperature discovery

Item prototypes for Temperature discovery

Trigger prototypes for Temperature discovery

LLD rule FAN discovery

Item prototypes for FAN discovery

Trigger prototypes for FAN discovery

LLD rule Voltage discovery

Item prototypes for Voltage discovery

LLD rule PSU discovery

Item prototypes for PSU discovery

Trigger prototypes for PSU discovery

LLD rule Software blades discovery

Item prototypes for Software blades discovery

Trigger prototypes for Software blades discovery

Feedback

Check Point Next Generation Firewall by SNMP