What is this?

This knowledgebase contains questions and answers about PRTG Network Monitor and network monitoring in general.

Learn more

PRTG Network Monitor

Intuitive to Use. Easy to manage.
More than 500,000 users rely on Paessler PRTG every day. Find out how you can reduce cost, increase QoS and ease planning, as well.

Free Download

Top Tags


View all Tags

Barracuda FW - PHION

Votes:

0

hi all, i have imported the mib of barracuda fw (aka phion) to prtg. i want to monitor the s2s vpn with oid 1.3.6.1.4.1.10704.1.6 i have response from snmp tester but i can't add the correct sensor

From the documentation i see

VPN Tunnels\\
Description: Reports all active site-to-site and client-to-site VPN tunnels established on the firewall.

Node ID: 1.3.6.1.4.1.10704.1.6

PHION-MIB group: vpnTunnels

PHiON-MIB Fields
Name	Type	Description	Possible Values
vpnName DisplayString (64)  Tunnel name	IPSEC-Wien2Inn-5.5.5.0-8.8.8.0, ...\\
vpnState Integer32 Tunnel status	-1 : down, 0 :  down-disabled, 1 :  active\\

For IKEv2 VPN tunnels, the OID will include the SA of the tunnel, which changes periodically. In order to avoid mismatches, remove the last three digits of the OID, for example: If the OID ends with .123.51.49.52, remove .51.49.52

barracuda snpm vpn

Created on Mar 9, 2021 11:35:25 AM

Last change on Mar 9, 2021 12:09:41 PM by Florian Lesage [Paessler Support]



7 Replies

Votes:

0

Hello Michele,

Thank you for you message.

Regarding what you would like to monitor, I'm afraid that PRTG doesn't support dynamic OIDs. When they come to change, PRTG will return an error due to OID not existing anymore.

If the IPSec VPN do not change dynamically, then you can add them in PRTG by using the OID you provided with the SNMP Custom Table sensor.

If you have questions, let us know.

Regards.

Created on Mar 10, 2021 6:48:39 AM by Florian Lesage [Paessler Support]



Votes:

0

Hello Florian, thanks for reply, i want monitor the s2s of my bo, plant and wh and all are tina tunnel (barracuda proprietary ipsec), so i expect no oid change. of course i have some ike v1 and v2, but only with supplier and i don't want monitor them. i have insered the oid in snmp table sensor and seems work, but i don't know how compile the field required..

Created on Mar 10, 2021 7:04:37 AM



Votes:

0

Thank you for your information and clarification.

Can you please explain what you mean exactly by "but i don't know how compile the field required"? Are you talking about the SNMP Custom Table sensor?

If that's the case, then the SNMP Custom Table sensor will create one sensor for each VPN tunnel selected in the list, with the channel(s) you have configured under the list.

According to the OID you provided, there is two OIDs returned which are the Name and the Status of the VPN tunnel. Therefore, you should configure the identification column to the OID which returns the name of the VPN and then, configure the State channel with the second OID, as illustrated below:

Barracuda FW

Of course, you need to create and assign your lookup file to display meaningful information based on the value received.

If you have further questions, let me know.

Regards.

Created on Mar 10, 2021 7:22:41 AM by Florian Lesage [Paessler Support]



Votes:

0

YES! I have added the sensor, thanks for the screenshot! How i can set the response trigger, as for example the dns sensor? i know if is 1 is active, 0 is down and -1 is disabled, so i want 1 green, 0 red and -1 yellow

Created on Mar 10, 2021 7:28:31 AM

Last change on Mar 10, 2021 7:53:53 AM by Florian Lesage [Paessler Support]



Votes:

0

To use the VPN tunnel name as channel name, simply configure the Identification Column field to 1.3.6.1.4.1.10704.1.6.1.1 as illustrated on the screenshot I provided.

Then, configure the following parameters like this:

  • Channel Name: State
  • Channel Column: 1.3.6.1.4.1.10704.1.6.1.2

Regarding the sensor state, I invite you to create a custom lookup for it instead of using limits or threshold trigger only (if you desire to use all values returns by the OID). With a lookup, you can get the state of the tunnel displayed as string and handle the sensor state accordingly.

  <?xml version="1.0" encoding="UTF-8"?>
  <ValueLookup id="BarracudaFW.vpn.status" desiredValue="1" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:noNamespaceSchemaLocation="PaeValueLookup.xsd">
    <Lookups>
      <SingleInt state="Error" value="-1">
        Down
      </SingleInt>
	  <SingleInt state="OK" value="0">
        Down(disabled)
      </SingleInt>
      <SingleInt state="OK" value="1">
       Active
      </SingleInt>
     </Lookups>
  </ValueLookup>

To use the lookup above, you need to follow the steps below:

  • Create the lookup file under "C:\Program Files (x86)\PRTG Network Monitor\lookups\custom"
  • Reload the lookups under Setup > System Administration > Administrative Tools > Load Lookups and File Lists (/systemsetup.htm?tabid=7)
  • Configure the lookup in the sensor settings

Regards.

Created on Mar 10, 2021 7:51:18 AM by Florian Lesage [Paessler Support]



Votes:

0

Many many many thanks! i have added all the vpn and all seems fine! i keep in test some days and then i enable the notification! Thanks a lot for help!

Created on Mar 10, 2021 8:03:29 AM



Votes:

0

Thank you for your feedback.

Have a great day.

Created on Mar 10, 2021 8:06:36 AM by Florian Lesage [Paessler Support]




Disclaimer: The information in the Paessler Knowledge Base comes without warranty of any kind. Use at your own risk. Before applying any instructions please exercise proper system administrator housekeeping. You must make sure that a proper backup of all your data is available.