While Spectrum does not have Checkpoint Firewall VPN support out of box, if Checkpoint MIBS are imported into Spectrum, then a SpectroWATCH can be created to monitor the CHECKPOINT MIB attribute Tunnel State OID 18.104.22.168.4.1.2620.500.9002.1.3
- tunnel state (3=active, 4=destroy, 129=idle, 130=phase1, 131=down, 132=init, see SK63663)
1. Map tunnelState to an Attribute
2. create Watch on the attribute
- tunnelState is a list attribute - contains a list of currently configured tunnels on the Checkpoint device
**** Watch Expression ****
1. expression can be either tunnelState.# with instance set to "all"
2. or expression can be set to tunnelState.22.214.171.124.0 where '126.96.36.199.0" is the instanceID of that tunnel as seen on Getnext query of tunnelState in MIB Tools
**** Watch Properties *****
1. recommend "evaluate by polling" and UNCHECK "make inheritable"
2. reason is Checkpoint devices in 10.1 are "gnSNMPDev" and setting a polling Watch on GnSNMPDev with "make inheritable" would force spectrum to evaulate the watch on virtually almost all models in spectrum - that would cause problems
3. so, only run the watch on gnSNMPDev devices - best bet
**** Watch Threshold ****
1. recommend setting threshold == 131 - tunnel down
2. set Event to raise Alarm when tunnel is down