Target environment
- Check Point version R81
Link down/up SNMP trap transmission settings
If you want to send link down / up SNMP traps from the Check Point appliance, most people think that the following settings on the SNMP screen of the Gaia portal are sufficient.
- SNMP General Settings
- Enable SNMP Agent
- Version
- Agent Interfaces
- Enable Traps
- linkUPLinkDown
- Trap Receivers Settings
However, this is not enough for link down/up traps.
These traps will not be sent unless the following settings are additionally made.
- V3 – User-Based Security Model (USM)
- Enabled Traps > Trap User
Even if you do not use SNMPv3, set V3 –User-Based Security Model (USM). Then set that user to Trap User. Any user settings are acceptable.
Contents of /var/log/snmpd.log when Trap User is not set
If Trap User is not configured, an error message will be logged in /var/log/snmpd.log as follows:
[Expert@CP81-GW01:0]# cat /var/log/snmpd.log
_ifTable_container_init: setting cache timeout to 5
ifTable_container_init: setting cache timeout to 5
/etc/snmp/snmpd.conf: line 14: Warning: Unknown token: community6.
/etc/snmp/snmpd.conf: line 18: Error: community number invalid: 6, must be > 0 and < 6
/etc/snmp/snmpd.conf: line 19: Warning: Unknown token: community6.
iquerySecName has not been configured - internal queries will fail
/etc/snmp/snmpd.conf: line 32: Error: You must specify a default user name using the agentSecName token
/etc/snmp/snmpd.conf: line 33: Error: You must specify a default user name using the agentSecName token
net-snmp: 3 error(s) in config file(s)
NET-SNMP version 5.8
SNMPD is ready
sending coldstart
unregistering coldstartPrecautions for trap test
If the Check Point appliance is using VRRP and has VRRP New Master trap enabled, this trap will be sent at the same time as the link down/up.
The content of the VRRP New Master trap contains the IP address of the interface, but don’t mistake it for a link down/up trap.
References
Comments