On Tue, 2007-06-12 at 19:30 -0700, Anthony Mendoza wrote:
> What are you trying to monitor on the VPN devices? If you're using SNMP
> you can pretty much monitor anything you know the OID for using the
> check_snmp plugin. If your Checkpoint VPN is running on a Linux server
> then anything exposed by the SNMP daemon is monitorable.
>
> On 6/12/2007 9:03 AM, Kerry Milestone had said:
> > Hello,
> >
> > does anyone have any hints on how to monitor Checkpoint VPN status?
> > Also of interest is how to monitor Sonicwalls, again preferably with
> > SNMP trying to keep scripts and processing simple. However I am
> > guessing a little more in depth trickery such as checking traceroutes
> > and routing tables may be required? Am looking at star network
> > topologies with multiple links and VPNs to each site.
> >
> > Any ideas would be kindly received.
> >
> > Regards,
> > Kerry.
<snip>

We've found the most difficult part of monitoring VPNs has been tunnel
availability. Because of the way IPSec works, we cannot trust the VPN
gateway's report that a tunnel is up as authoritative. The tunnel may
be up from each gateway's perspective but they may be out of sync. We
have resolved that problem pretty effectively for our environment.

We are not using Checkpoint or Sonicwalls. Instead, we've been building
highly secure VPNs for both LAN-to-LAN and Remote Access using the ISCS
network security management project (http://iscs.sourceforge.net) with
either SecureComputing SG devices or home grown Linux gateways.

We have a script which pings across the tunnel with service dependencies
of both gateways. This way, we test the real tunnel availability instead
of what the gateways think is the reality. Finally, we have an agent
which resets the tunnels if it does find them out of sync. As a result,
even when tunnels go out of sync, the outage is usually between 30 and
180 seconds - less time than it would take us just to ascertain what was
wrong. Hope that helps - John

--
John A. Sullivan III
Open Source Development Corporation
+1 207-985-7880
[EMAIL PROTECTED]

Financially sustainable open source development
http://www.opensourcedevel.com
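The ping-across-the-tunnel check described in the message above, sketched as a Nagios plugin. This is an added example, not the script John's site uses; the names `check_tunnel`, `parse_counts` and `PING_BIN` are assumptions, and it expects iputils-style `ping` options.

```shell
#!/bin/sh
# Added example (not from the original post): a Nagios plugin that judges a
# tunnel by traffic crossing it rather than by the gateways' reported state.
# Assumed names: check_tunnel, parse_counts, PING_BIN. Assumes iputils-style
# ping options (-c count, -W per-reply timeout in seconds).

PING_BIN="${PING_BIN:-ping}"    # overridable so the logic can be exercised offline

# Print "<transmitted> <received>" from ping's summary line, or nothing if
# ping produced no summary (e.g. "Network is unreachable").
parse_counts() {
    printf '%s\n' "$1" |
        sed -n 's/^\([0-9][0-9]*\) packets transmitted, \([0-9][0-9]*\) .*received.*/\1 \2/p' |
        head -n 1
}

# check_tunnel FAR_SIDE_HOST [COUNT]
# FAR_SIDE_HOST must be an address reachable only through the tunnel.
# Prints one Nagios status line; returns 0 OK, 1 WARNING, 2 CRITICAL, 3 UNKNOWN.
check_tunnel() {
    target="$1"
    count="${2:-3}"
    # ping exits non-zero on total loss; keep going so we can classify it.
    out=$("$PING_BIN" -c "$count" -W 2 "$target" 2>&1) || true
    counts=$(parse_counts "$out")
    if [ -z "$counts" ]; then
        echo "TUNNEL UNKNOWN - no ping summary for $target"
        return 3
    fi
    tx=${counts% *}
    rx=${counts#* }
    if [ "$rx" -eq 0 ]; then
        echo "TUNNEL CRITICAL - 0/$tx replies from $target; tunnel down or out of sync"
        return 2
    elif [ "$rx" -lt "$tx" ]; then
        echo "TUNNEL WARNING - $rx/$tx replies from $target"
        return 1
    fi
    echo "TUNNEL OK - $rx/$tx replies from $target"
    return 0
}

# Run as a plugin only when given arguments: check_tunnel.sh HOST [COUNT]
if [ "$#" -gt 0 ]; then
    check_tunnel "$@"
    exit "$?"
fi
```

Giving this service a Nagios service dependency on each gateway's own check, as the message describes, means a CRITICAL here is raised only while both gateways are themselves reachable, which is the out-of-sync case.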