[Check Point R81] Trap user settings are required to send link down/up SNMP traps

Firewall (UTM)

Target environment

  • Check Point version R81

Link down/up SNMP trap transmission settings

If you want to send link down / up SNMP traps from the Check Point appliance, most people think that the following settings on the SNMP screen of the Gaia portal are sufficient.

  • SNMP General Settings
    • Enable SNMP Agent
    • Version
  • Agent Interfaces
  • Enable Traps
    • linkUPLinkDown
  • Trap Receivers Settings

However, this is not enough for link down/up traps.

These traps will not be sent unless the following settings are additionally made.

  • V3 – User-Based Security Model (USM)
  • Enabled Traps > Trap User

Even if you do not use SNMPv3, set V3 –User-Based Security Model (USM). Then set that user to Trap User. Any user settings are acceptable.

Contents of /var/log/snmpd.log when Trap User is not set

If Trap User is not configured, an error message will be logged in /var/log/snmpd.log as follows:

[Expert@CP81-GW01:0]# cat /var/log/snmpd.log 
_ifTable_container_init: setting cache timeout to 5
ifTable_container_init: setting cache timeout to 5
/etc/snmp/snmpd.conf: line 14: Warning: Unknown token: community6.
/etc/snmp/snmpd.conf: line 18: Error: community number invalid:  6, must be > 0 and < 6
/etc/snmp/snmpd.conf: line 19: Warning: Unknown token: community6.
iquerySecName has not been configured - internal queries will fail
/etc/snmp/snmpd.conf: line 32: Error: You must specify a default user name using the agentSecName token

/etc/snmp/snmpd.conf: line 33: Error: You must specify a default user name using the agentSecName token

net-snmp: 3 error(s) in config file(s)
NET-SNMP version 5.8
SNMPD is ready
sending coldstart
unregistering coldstart

Precautions for trap test

If the Check Point appliance is using VRRP and has VRRP New Master trap enabled, this trap will be sent at the same time as the link down/up.

The content of the VRRP New Master trap contains the IP address of the interface, but don’t mistake it for a link down/up trap.

References

Some SNMP Traps require V3 USM information on Gaia OS
<p>After configuring SNMP on Gaia and enabling the <code>LinkUp/LinkDown</code> Trap (<code>linkUpLinkDown</code>), the traps are...


Comments

Copied title and URL