10.5.2. SNMP

UserGate supports monitoring with SNMP v2c and SNMP v3 protocols. Both SNMP queries and SNMP trap management are supported. This allows you to monitor the critical UserGate parameters using the SMNP management software used in your company.

To configure monitoring using SNMP, you need to create SNMP rules. To create an SNMP rule, click the Add button under SNMP and specify the following parameters:

Name

Description

Name

The name of the rule.

Description

(Optional) description of the SNMP rule.

Server IP address for traps

The IP address of the trap server and the port on which the server will listen for notifications. Usually, it is UDP port 162. This setting is required only if you need to send traps to the notification server.

Community

SNMP community is a string that identifies the UserGate server and SNMP management server for SNMP v2c. Use only Latin letters and numbers.

Context

This is an optional parameter that determines the SNMP context. Use only Latin letters and numbers.

Version

Specify the version of the SNMP protocol used in the rule. Available options: SNMPv2c and SNMPv3.

Allow SNMP queries

When enabled, allows receiving and processing of SNMP requests from the SNMP manager.

Allow SNMP traps

When enabled, allows sending of SNMP traps to the server configured to receive notifications.

User

For SNMP v3 only. User name to authenticate the SNMP manager.

Authentication type

Select an authentication mode for the SNMP manager. Options:

  • No authentication; No encryption (noAuthNoPriv).

  • Authentication; No encryption (authNoPriv).

  • Authentication; Encryption (authPriv).

The authPriv mode is considered the most secure.

Authentication algorithm

Algorithm used for authentication.

Authentication password

Password used for authentication.

Encryption algorithm

Algorithm used for encryption. You can use DES or AES.

Encryption password

Password used for encryption.

Events

Parameters the values of which the SNMP manager will be able to read. If trap sending is allowed, a trap is sent to the server when a critical parameter value is reached.

Note

Authentication settings for SNMP v2c (community) and SNMP v3 (user, authentification type, authentication algorithm, authentication password, encryption algorithm, encryption password) on the SNMP manager must match those of UserGate.

For information on configuring authentication settings for your SNMP manager, refer to the configuration guide for your SNMP management software.

The Download MIBs button allows you to download MIB files with UserGate monitoring parameters for later use in the SNMP manager. UserGate is assigned the unique SNMP PEN (Private Enterprise Number) 45741.

You can download the following MIB files:

  • UTM-TRAPS-MIB.

  • UTM-TRAPS-BINDINGS-MIB.

  • UTM-MIB.

  • UTM-INTERFACES-MIB.

UTM-TRAPS-MIB

Name

Description

trapCoreCrush

Core crash.

trapStatDown

Statistics service (UserGate Log Analyzer) unavailable.

trapCoreBootstrapEnd

Server booting has finished successfully.

trapDefaultGatewayChanged

Default gateway has been changed.

trapHighSessionsCounter

Conntrack table 90% full.

trapHighUsersCounter

Number of active users has reached 90% of license threshold.

trapStatusChanged

Status of the HA cluster node has been changed.

trapMemberUp

Status of the HA cluster node has been changed to "Connected".

trapMemberDown

HA cluster node has been disconnected.

trapAttackDetected

Attack detected by IPS.

trapChecksumFailed

Binary files checksum mismatch.

trapHighCPUUsage

High CPU usage.

trapLowMemory

Low memory.

trapLowLogdiskSpace

Not enough disk space to store logs.

trapRaidStatus

RAID status has been changed.

trapPowerSupply

The first power supply is off.

trapCableStatus

Cable has been connected or disconnected from the interface.

trapTrafficDrop

A firewall deny rule has been triggered.

trapLDAPServerDown

LDAP server unavailable.

UTM-TRAPS-BINDINGS-MIB

Name

Data type

Description

utmSessions

Integer

Current number of active sessions.

utmSessionsMax

Integer

Maximum number of active sessions.

utmUsers

Integer

Current number of active users.

utmUsersMax

Integer

Maximum number of active users.

utmHAStatus

Integer

Current status of the HA cluster node:

  • 0: master node.

  • 1: slave node.

  • 3: fault.

utmHAStatusReason

Integer

Reason for the change of the HA cluster node status:

  • 1: connection to the node has been lost.

  • 2: HTTP proxy server unreachable.

  • 3: no reachable gateway.

  • 4: DNS server unreachable.

  • 5: UserGate Management Center node is unreachable.

utmCPUUsage

Integer

CPU load (in %).

utmMemory

Integer

RAM usage (in %).

utmLogdiskSpace

Integer

Disk space used for logs (in %).

utmAdaptecRaidStatus

Integer

Current status of RAID (Redundant Array of Independent Disks) built on the Adaptec controller:

  • no_raid.

  • 0: optimal: the array is in its optimal state.

  • 1: degraded: one drive has completely or partially failed.

  • 2: rebuild: RAID rebuild in progress.

utmBroadcomRaidStatus

Integer

The current status of a RAID (Redundant Array of Independent Disks) built on the Broadcom controller:

  • no_raid.

  • 0: optimal: the array is in its optimal state.

  • 1: degraded: one drive has completely or partially failed. This status occurs if 2 disks fail.

  • 2: partialDegraded: one drive has completely or partially failed.

  • 3: failed: not operable due to an error.

  • 4: offline: drive is not available to the RAID controller.

utmPowerSupply

Integer

Number of power supplies:

  • 1: one power supply.

  • 2: two power supplies.

utmPowerSupplyStatus

Integer

State of the power supply:

  • no_power_supplies.

  • 0: off.

  • 1: on.

utmCSCIfName

String

Interface name.

utmCSCStatus

Integer

Status of the network adapter:

  • 1: cable connected.

  • 2: cable disconnected.

utmLDAPServerName

String

LDAP server name.

utmLDAPServerAddress

String

LDAP server IP address.

UTM-MIB

Name

Data type

Description

vcpuCount

Integer

Number of virtual CPUs in the system.

vcpuUsage

Integer

Virtual CPU load in the system (in %).

usersCounter

Integer

Current number of active users.

cpuLoad

Integer

System CPU load (in %).

memoryUsed

Integer

RAM usage (in %).

logDiskSpace

Integer

Disk space used for logs (in %).

Sys_power_supply1_status

String

State of the first power supply:

  • no_power_supplies.

  • on.

  • off.

Sys_power_supply2_status

String

State of the second power supply.

  • no_power_supplies.

  • on.

  • off.

Sys_raid_status

Integer

Current status of RAID (Redundant Array of Independent Disks):

  • no_raid.

  • 0: optimal: the array is in its optimal state.

  • 1: degraded: one drive has completely or partially failed.

  • 2: rebuild: RAID rebuild in progress.

UTM-INTERFACES-MIB

Name

Data type

Description

ifNumber

Integer

Number of network interfaces.

ifIndex

Integer

The value is unique for each interface. Available values: from 1 to ifNumber.

ifDescr

String

Interface description.

ifType

Integer

Interface type determined according to the physical/link layer protocol:

  • 1: other: unknown type.

  • 2: regular1822: defined in BBN Report 1822.

  • 3: hdh1822: defined in BBN Report 1822.

  • 4: ddn-x25: defined in BBN Report 1822.

  • 5: rfc877-x25: defined in the data link layer standard of the OSI X.25 network model.

  • 6: ethernet-csmacd: Ethernet-type network interface regardless of speed (defined in RFC 3635).

  • 7: iso88023-csmacd: defined in IEEE 802.3.

  • 8: iso88024-tokenBus: defined in IEEE 8802.4.

  • 9: iso88025-tokenRing: network interface uses a Token Ring connection; defined in the IEEE 802.5 standard.

  • 10: iso88026-man: defined in the ISO 88026 standard "MAN".

  • 11: starLan: defined in the IEEE 802.3e standard.

  • 12: proteon-10Mbit: Proteon 10Mbit.

  • 13: proteon-80Mbit: Proteon 80Mbit.

  • 14: hyperchannel: high-speed channel used in ISDN networks.

  • 15: fddi: network interface uses FDDI (Fiber Distributed Data Interface) connection. FDDI is a set of standards for data transmission over fiber-optic lines in local networks.

  • 16: lapb: data link layer protocol used to transmit X.25 standard packets.

  • 17: sdlc: data link layer protocol for IBM system network architecture.

  • 18: ds1: can handle to 24 simultaneous connections at a total speed of 1.544Mbit/s; also called T1.

  • 19: e1: European equivalent of T1.

  • 20: basicISDN: used for communication between the subscriber's equipment and the ISDN station.

  • 21: primaryISDN: used to connect to broadband backbones, connecting local and central PBX or network switches.

  • 22: propPointToPointSerial: defined in RFC1213.

  • 23: ppp: network interface uses PPP (Point-To-Point Protocol) connection.

  • 24: softwareLoopback: network interface configured as a loopback adapter. Interfaces of this kind are often used for testing; they do not send traffic to the network.

  • 25: eon: ConnectionLess Network Protocol (CLNP) over Internet Protocol (IP); defined in ISO/IEC 8473-1.

  • 26: ethernet-3Mbit: network interface uses a 3Mbit/s Ethernet connection. This version of Ethernet is defined in the IETF standard RFC 895.

  • 27: nsip, XNS over IP: intended for use in a variety of data transmission environments.

  • 28: slip: network interface uses a SLIP (Serial Line Internet Protocol) connection; SLIP is defined in the IETF RFC 1055 standard.

  • 29: ultra: ULTRA Technologies.

  • 30: ds3: high-speed data interface multiplexing DS1 and DS2 signals; also know as T3.

  • 31: sip: network interface uses a SLIP (Serial Line Internet Protocol) connection; SLIP is defined in the IETF RFC 1055 standard.

  • 32: frame-relay: allows packet-switched data transmission across an interface between user devices and network equipment.

ifMtu

Integer

Maximum size of a network layer packet that can be sent over this interface.

ifSpeed

gauge32

Interface bandwidth in bits per second.

ifPhysAddress

String

Physical interface address (MAC address).

ifAdminStatus

Integer

Interface state assigned by the administrator:

  • 1: up: ready to transmit packets.

  • 2: down: not working.

  • 3: testing: working in the test mode; cannot transmit work packets.

ifOperStatus

Integer

Current operating status of the interface:

  • 1: up: interface is ready to transmit packets.

  • 2: down: interface cannot transmit data packets.

  • 3: testing: network interface is being tested; cannot transmit working packets.

  • 4: unknown: interface state is unknown.

  • 5: dormant: network interface cannot transmit data packets, it is waiting for an external event.

  • 6: notPresente: network interface cannot transmit data packets because a component, usually a piece of hardware, is missing.

  • 7: lowerLayerDown: network interface cannot transmit data packets because it is running on top of one or more other interfaces, and at least one of those "lower-layer" interfaces is down.

ifLastChange

timeticks

SysUpTime value when the interface switches to this state.

ifInOctets

counter32

Number of bytes received by the interface, including service bytes.

ifInUcastPkts

counter32

Number of delivered unicast packets.

ifInNUcastPkts

counter32

Number of delivered multicast and broadcast packets.

ifInDiscards

counter32

Number of incoming packets that were dropped, even if no errors were detected preventing the delivery. Buffer space release may be one of the reasons for dropping.

ifInErrors

counter32

Number of incoming packets that contain errors preventing the delivery.

ifInUnknownProtos

counter32

Number of packets that were received through the interface and dropped because an unknown or unsupported protocol was used.

ifOutOctets

counter32

The number of bytes transmitted by the interface, including service bytes.

ifOutUcastPkts

counter32

Number of sent unicast packets, including packets that were dropped or not sent.

ifOutNUcastPkts

counter32

The number of sent multicast and broadcast packets, including packets that were dropped or not sent.

ifOutDiscards

counter32

Number of outgoing packets that were dropped, even if no errors were detected preventing the transmission. Buffer space release may be one of the reasons for dropping.

ifOutErrors

counter32

The number of outgoing packets that could not be transmitted due to errors.

ifOutQLen

gauge32

Number of packets in the send queue.

ifInMulticastPkts

counter32

Number of delivered multicast packets.

ifInBroadcastPkts

counter32

Number of delivered broadcast packets.

ifOutMulticastPkts

counter32

Number of sent multicast packets, including packets that were dropped or not sent.

ifOutBroadcastPkts

counter32

Number of sent broadcast packets, including packets that were dropped or not sent.

ifHCInOctets

counter64

Identical to ifInOctets: number of bytes received by the interface, including service bytes; uses a higher capacity counter.

ifHCInUcastPkts

counter64

Identical to ifInUcastPkts: number of delivered unicast packets; uses a higher capacity counter.

ifHCInMulticastPkts

counter64

Identical to ifInMulticastPkts: number of delivered multicast packets; uses a higher capacity counter.

ifHCInBroadcastPkts

counter64

Identical to ifInBroadcastPkts: number of delivered broadcast packets; uses a higher capacity counter.

ifHCOutOctets

counter64

Identical to ifOutOctets: number of bytes transmitted by the interface, including service bytes; uses a higher capacity counter.

ifHCOutUcastPkts

counter64

Identical to ifOutUcastPkts: number of sent unicast packets, including packets that were dropped or not sent; uses a higher capacity counter.

ifHCOutMulticastPkts

counter64

Identical to ifOutMulticastPkts: number of sent multicast packets, including packets that were dropped or not sent; uses a higher capacity counter.

ifHCOutBroadcastPkts

counter64

Identical to ifOutBroadcastPkts: number of sent broadcast packets, including packets that were dropped or not sent; uses a higher capacity counter.

ifLinkUpDownTrapEnable

Integer

Specifies whether to create a trap when the link status changes:

  • 1: enabled.

  • 2: disabled.

ifHighSpeed

gauge32

Current estimated interface bandwidth pool in bit/s, kbit/s, Mbit/s, or Gbit/s.

ifPromiscuousMode

Integer

Promiscuous mode. Available values:

  • 1: true: station receives all packets/frames regardless of the destination.

  • 2: false: interface receives only packets/frames addressed to this station.

The object value does not affect the reception of broadcast and multicast packets/frames.

ifAlias

String

Interface name assigned by the administrator.

ifCounterDiscontinuityTime

timeticks

SysUpTime value when the event occurred that caused one or more interface counters to fail.