SNMP

UserGate supports monitoring using the SNMP v2c and SNMP v3 protocols. Both SNMP queries and SNMP trap management are supported. This allows you to monitor critical UserGate parameters using the SMNP management software used in your company.

To configure monitoring using SNMP:

  1. In the properties of the zone of the interface to which the connection will be made via the SNMP protocol, in the Access control tab, enable the SNMP service.

  2. Create an SNMP rule.

To create an SNMP rule, click the Add button under SNMP and specify the following parameters:

Name

Description

Rule name

The name of the rule.

Server IP address for traps

The IP address of the trap server and the port on which the server will listen for notifications. Usually, it is UDP port 162. This setting is required only if you need to send traps to the notification server.

Community

SNMP community --- the string for UserGate server identification and SNMP server identification for SNMP v2c. Use only Latin letters and numbers.

Context

Optional parameter that defines the SNMP context. Use only Latin letters and numbers.

Some devices may have multiple copies of the entire MIB subtree. For example, several virtual routers can be created on the device. Each such virtual router will have a complete MIB subtree. In this case, each virtual router can be specified as a context on the SNMP server. The context is identified by name. When the client makes a request, the context name can be specified. If the context name is not specified, the default context will be requested.

Version

Specify the version of the SNMP protocol used in the rule. Available options: SNMP v2c and SNMP v3.

Allow SNMP queries

When enabled, allows receiving and processing of SNMP requests from the SNMP manager.

Allow SNMP traps

When enabled, allows sending of SNMP traps to the server configured to receive notifications.

SNMP security profile name

For SNMP v3 only. For more details, see the SNMP Security Profiles section.

Events

Selecting the types of parameters available for monitoring by rule.

Note Authentication settings for SNMP v2c (community) and SNMP v3 (user, authentication type, authentication algorithm, authentication password, encryption algorithm, encryption password in SNMP security profile) on the SNMP manager must match those of UserGate.

For information on configuring authentication settings for your SNMP manager, refer to the configuration guide for your SNMP management software.

UserGate is assigned the unique SNMP PEN (Private Enterprise Number) 45741.

You can download current UserGate MIB files with monitoring parameters from the device administrator console. To do this, go to the Diagnostics and monitoring tab, then click Download MIB in the Notifications ➜ SNMP section

You can download the following MIB files:

  • UTM-TRAPS-MIB

  • UTM-TRAPS-BINDINGS-MIB

  • UTM-MIB

  • UTM-INTERFACES-MIB.

  • UTM-TEMPERATURE-MIB.

UTM-TRAPS-MIB

Name

Description

trapCoreCrush

Core crash.

trapStatDown

Statistics service (UserGate Log Analyzer) unavailable.

trapCoreBootstrapEnd

Server booting has finished successfully.

trapDefaultGatewayChanged

Default gateway has been changed.

trapHighSessionsCounter

Conntrack table 90% full.

trapHighUsersCounter

Number of active users has reached 90% of the license threshold.

trapDataPartitionFSStatus

File system status. The file system status changed to "not_clean".

trapStatusChanged

Status of the HA cluster node has been changed.

trapMemberUp

Status of the HA cluster node has been changed to "Connected".

trapMemberDown

HA cluster node has been disconnected.

trapAttackDetected

Detection of an attack by the IDPS.

trapChecksumFailed

Binary files checksum mismatch.

trapHighCPUUsage

High CPU usage.

trapLowMemory

Low memory.

trapLowLogdiskSpace

Not enough disk space to store logs.

trapRaidStatus

RAID status has been changed.

trapPowerSupply

The first power supply is off.

trapCableStatus

Cable has been connected or disconnected from the interface.

trapHighDiskIOUtilization

High disk load. An alert is sent when the load is >=95% in 5 minutes on at least one of the disk devices.

trapTrafficDrop

A firewall deny rule has been triggered.

trapLDAPServerDown

LDAP server unavailable.

trapCriticalTemperature

Critical temperature on one of the sensors. An alert is sent when one of the operating temperature limits (lower or upper) is crossed. The lower limit of operating temperature is usually 0°C (-40ºC for X series devices), the upper limit is 85ºC.

UTM-TRAPS-BINDINGS-MIB

Name

Data type

Description

utmSessions

Integer

Current number of active sessions.

utmSessionsMax

Integer

Maximum number of active sessions.

utmUsers

Integer

Current number of active users.

utmUsersMax

Integer

Maximum number of active users.

utmDataPartionFSStatus

Integer

File system status.

  • 0 --- clean.

  • 1 --- not clean.

utmHAStatus

Integer

Current status of the HA cluster node:

  • 0: master node

  • 1: slave node

  • 3 --- fault.

utmHAStatusReason

Integer

Reason for the change of the HA cluster node status:

  • 1: connection to the node has been lost

  • 2: HTTP proxy server unreachable

  • 3: no reachable gateway

  • 4: DNS server unreachable

  • 5: UserGate Management Center node is unreachable.

utmCPUUsage

Integer

CPU load (in %).

utmMemory

Integer

RAM usage (in %).

utmLogdiskSpace

Integer

Disk space used for logs (in %).

utmAdaptecRaidStatus

Integer

Current status of RAID (Redundant Array of Independent Disks) built on the Adaptec controller:

  • no_raid.

  • 0: optimal: the array is in its optimal state

  • 1: degraded: one drive has completely or partially failed.

  • 2: rebuild: array rebuild in progress

utmBroadcomRaidStatus

Integer

Current status of RAID (Redundant Array of Independent Disks) built on the Broadcom controller:

  • no_raid

  • 0: optimal: the array is in its optimal state

  • 1: degraded: one drive has completely or partially failed. This status occurs if 2 disks fail.

  • 2: partialDegraded: one drive has completely or partially failed.

  • 3: failed: not operable due to an error

  • 4: offline: drive is not available to the RAID controller

utmPowerSupply

Integer

Number of power supplies:

  • 1: one power supply

  • 2: two power supplies

utmPowerSupplyStatus

Integer

State of the power supply:

  • no_power_supplies.

  • 0 --- off.

  • 1 --- on.

utmCSCIfName

String

The interface name.

utmCSCStatus

Integer

Status of the network adapter:

  • 1: cable connected

  • 2: cable disconnected

utmDiskIOUtilization

Integer

Current disk utilization (%).

utmLDAPServerName

String

LDAP server name.

utmLDAPServerAddress

String

LDAP server IP address.

utmThermSensor

String

Name of the temperature sensor.

utmThermValue

Integer

Temperature value measured by the sensor.

UTM-MIB

Name

Data type

Description

vcpuCount

Integer

Number of virtual CPUs in the system.

vcpuUsage

Integer

Virtual CPU load in the system (in %).

usersCounter

Integer

Current number of active users. (*)

sessionsCounter

Integer

Current number of active sessions. (*)

tcpsessionsCounter

Integer

Current number of active TCP sessions. (*)

udpsessionsCounter

Integer

Current number of active UPD sessions. (*)

icmpsessionsCounter

Integer

Current number of active ICMP sessions. (*)

sessionsRate10

Integer

Number of new sessions per second. Average value for the last 10 seconds. (*)

sessionsRate60

Integer

Number of new sessions per second. Average value for the last 60 seconds. (*)

sessionsRate300

Integer

Number of new sessions per second. Average value for the last 300 seconds. (*)

tcpsessionsRate10

Integer

Number of new TCP sessions per second. Average value for the last 10 seconds. (*)

tcpsessionsRate60

Integer

Number of new TCP sessions per second. Average value for the last 60 seconds. (*)

tcpsessionsRate300

Integer

Number of new TCP sessions per second. Average value for the last 300 seconds. (*)

udpsessionsRate10

Integer

Number of new UPD sessions per second. Average value for the last 10 seconds. (*)

udpsessionsRate60

Integer

Number of new UPD sessions per second. Average value for the last 60 seconds. (*)

udpsessionsRate300

Integer

Number of new UPD sessions per second. Average value for the last 300 seconds. (*)

icmpsessionsRate10

Integer

Number of new ICMP sessions per second. Average value for the last 10 seconds. (*)

icmpsessionsRate60

Integer

Number of new ICMP sessions per second. Average value for the last 60 seconds. (*)

icmpsessionsRate300

Integer

Number of new ICMP sessions per second. Average value for the last 300 seconds. (*)

dnsRequestCounter

Integer

Total DNS requests. (*)

dnsBlockedRequestCounter

Integer

Blocked DNS requests. (*)

dnsRequestRate

Integer

DNS requests per second. (*)

httpRequestCounter

Integer

Total HTTP requests. (*)

httpBlockedRequestCounter

Integer

Blocked HTTP requests. (*)

httpRequestRate

Integer

HTTP queries per second. (*)

dataPartitionFSStatus

String

File system status.

haStatus

Integer

The current state of the cluster node.

cpuLoad

Integer

System CPU load (in %).

memoryUsed

Integer

RAM usage (in %).

logDiskSpace

Integer

Disk space used for logs (in %).

powerSupply1Status

String

State of the first power supply:

  • no_power_supplies.

  • on

  • off

powerSupply2Status

String

State of the second power supply:

  • no_power_supplies.

  • on

  • off

raidType

String

RAID array type.

raidStatus

String

Current status of RAID (Redundant Array of Independent Disks):

  • no_raid.

  • 0: optimal: the array is in its optimal state

  • 1: degraded: one drive has completely or partially failed.

  • 2: rebuild: array rebuild in progress

diskIOUtilization

Integer

Current disk utilization (%).

diskIOUtilization60

Integer

Disk utilization (%). Average value for the last 60 seconds.

diskIOUtilization300

Integer

Disk utilization (%). Average value for the last 300 seconds.

Note Metrics marked with the (*) symbol in the description are not relevant for UGMC and LogAn. Metric values for these devices will always be zero.

UTM-INTERFACES-MIB

Name

Data type

Description

ifNumber

Integer

Number of network interfaces.

ifIndex

Integer

The value is unique for each interface. Available values: from 1 to ifNumber.

ifDescr

String

Interface description.

ifType

Integer

Interface type determined according to the physical/link layer protocol:

  • 1: other: unknown type

  • 2: regular1822: defined in BBN Report 1822

  • 3: hdh1822: defined in BBN Report 1822

  • 4: ddn-x25: defined in BBN Report 1822

  • 5: defined in the data link layer standard of the OSI X.25 network model

  • 6: ethernet-csmacd: Ethernet-type network interface regardless of speed (defined in RFC 3635)

  • 7: iso88023-csmacd: defined in IEEE 802.3

  • 8: iso88024-tokenBus: defined in IEEE 8802.4

  • 9: iso88025-tokenRing: network interface uses a Token Ring connection; defined in the IEEE 802.5 standard.

  • 10: iso88026-man: defined in the ISO 88026 standard "MAN".

  • 11: starLan: defined in the IEEE 802.3e standard.

  • 12 --- proteon-10Mbit --- Proteon 10 Mbit.

  • 13 --- proteon-80Mbit --- Proteon 80 Mbit.

  • 14: hyperchannel: high-speed channel used in ISDN networks.

  • 15: fddi: network interface uses FDDI (Fiber Distributed Data Interface) connection. FDDI is a set of standards for data transmission over fiber-optic lines in local networks.

  • 16: lapb: data link layer protocol used to transmit X.25 standard packets.

  • 17: sdlc: data link layer protocol for IBM system network architecture.

  • 18: ds1: can handle 24 simultaneous connections at a total speed of 1.544Mbit/s; also called T1.

  • 19: e1: European equivalent of T1.

  • 20: basicISDN: used for communication between the subscriber's equipment and the ISDN station.

  • 21: primaryISDN: used to connect to broadband backbones, connecting local and central PBX or network switches.

  • 22: propPointToPointSerial: defined in RFC1213.

  • 23: ppp: network interface uses PPP (Point-To-Point Protocol) connection.

  • 24: softwareLoopback: network interface configured as a loopback adapter. These interfaces are often used for testing; they do not send traffic to the network.

  • 25: eon: ConnectionLess Network Protocol (CLNP) over Internet Protocol (IP); defined in ISO/IEC 8473-1.

  • 26: ethernet-3Mbit: network interface uses a 3Mbit/s Ethernet connection. This version of Ethernet is defined in the IETF standard RFC 895.

  • 27: nsip, XNS over IP: intended for use in a variety of data transmission environments.

  • 28: slip: network interface uses a SLIP (Serial Line Internet Protocol) connection. SLIP is defined in the IETF RFC 1055 standard.

  • 29 --- ultra --- ULTRA Technologies.

  • 30: ds3: high-speed data interface multiplexing DS1 and DS2 signals; also know as T3.

  • 31: sip: network interface uses a SLIP (Serial Line Internet Protocol) connection. SLIP is defined in the IETF RFC 1055 standard.

  • 32: frame-relay: allows packet-switched data transmission across an interface between user devices and network equipment.

ifMtu

Integer

Maximum size of a network layer packet that can be sent over this interface.

ifSpeed

gauge32

Interface bandwidth in bits per second.

ifPhysAddress

String

Physical interface address (MAC address).

ifAdminStatus

Integer

Interface state assigned by the administrator:

  • 1: up: ready to transmit packets

  • 2: down: not working

  • 3: testing: working in the test mode; cannot transmit work packets.

ifOperStatus

Integer

Current operating status of the interface:

  • 1: up: ready to transmit packets

  • 2: down: interface cannot transmit data packets

  • 3: testing: network interface is being tested; cannot transmit working packets

  • 4: unknown: interface state is unknown

  • 5: dormant: network interface cannot transmit data packets, it is waiting for an external event

  • 6: notPresente: network interface cannot transmit data packets because a component, usually a piece of hardware, is missing

  • 7: lowerLayerDown: network interface cannot transmit data packets because it is running on top of one or more other interfaces, and at least one of those "lower-layer" interfaces is down

ifLastChange

timeticks

SysUpTime value when the interface switches to this state.

ifInOctets

counter32

Number of bytes received by the interface, including service bytes.

ifInUcastPkts

counter32

Number of delivered unicast packets.

fInNUcastPkts

counter32

Number of delivered multicast and broadcast packets.

ifInDiscards

counter32

Number of incoming packets that were dropped, even if no errors were detected preventing the delivery. Buffer space release may be one of the reasons for dropping.

ifInErrors

counter32

Number of incoming packets that contain errors preventing the delivery.

ifInUnknownProtos

counter32

Number of packets that were received through the interface and dropped because an unknown or unsupported protocol was used.

ifOutOctets

counter32

The number of bytes transmitted by the interface, including service bytes.

ifOutUcastPkts

counter32

Number of sent unicast packets, including packets that were dropped or not sent.

ifOutNUcastPkts

counter32

The number of sent multicast and broadcast packets, including packets that were dropped or not sent.

ifOutDiscards

counter32

Number of outgoing packets that were dropped, even if no errors were detected preventing the transmission. Buffer space release may be one of the reasons for dropping.

ifOutErrors

counter32

The number of outgoing packets that could not be transmitted due to errors.

ifOutQLen

gauge32

The send queue length (number of packets).

ifInMulticastPkts

counter32

Number of delivered multicast packets.

ifInBroadcastPkts

counter32

Number of delivered broadcast packets.

ifOutMulticastPkts

counter32

Number of sent multicast packets, including packets that were dropped or not sent.

ifOutBroadcastPkts

counter32

Number of sent broadcast packets, including packets that were dropped or not sent.

ifHCInOctets

counter64

Identical to ifInOctets: number of bytes received by the interface, including service bytes; uses a higher capacity counter.

ifHCInUcastPkts

counter64

Identical to ifInUcastPkts: number of delivered unicast packets; uses a higher capacity counter.

ifHCInMulticastPkts

counter64

Identical to ifInMulticastPkts: number of delivered multicast packets; uses a higher capacity counter.

ifHCInBroadcastPkts

counter64

Identical to ifInBroadcastPkts: number of delivered broadcast packets; uses a higher capacity counter.

ifHCOutOctets

counter64

Identical to ifOutOctets: number of bytes transmitted by the interface, including service bytes; uses a higher capacity counter.

ifHCOutUcastPkts

counter64

Identical to ifOutUcastPkts: number of sent unicast packets, including packets that were dropped or not sent; uses a higher capacity counter.

ifHCOutMulticastPkts

counter64

Identical to ifOutMulticastPkts: number of sent multicast packets, including packets that were dropped or not sent; uses a higher capacity counter.

ifHCOutBroadcastPkts

counter64

Identical to ifOutBroadcastPkts: number of sent broadcast packets, including packets that were dropped or not sent; uses a higher capacity counter.

ifLinkUpDownTrapEnable

Integer

Specifies whether to create a trap when the link status changes:

  • 1: enabled

  • 2: disabled

ifHighSpeed

gauge32

Current estimated interface bandwidth pool in bit/s, kbit/s, Mbit/s, or Gbit/s.

ifPromiscuousMode

Integer

Promiscuous mode. Available values:

  • 1: true: station receives all packets/frames regardless of the destination.

  • 2: false: interface receives only packets/frames addressed to this station.

The object value does not affect the reception of broadcast and multicast packets/frames.

ifAlias

String

Interface name assigned by the administrator.

ifCounterDiscontinuityTime

timeticks

SysUpTime value when the event occurred that caused one or more interface counters to fail.

UTM-TEMPERATURE-MIB

Name

Data type

Description

termNumber

Integer

Number of temperature sensors on this platform.

thermLowerThreshold

Integer

Lower operating temperature limit.

thermUpperThreshold

Integer

Upper operating temperature limit.

thermTable

sequence

Table of temperature sensors with readings (thermEntry).

thermEntry

sequence

A specific sensor info:

  • thermName (string): sensor name.

  • thermValue (integer): sensor readings.

  • thermUnit (string): sensor reading unit.

Note Temperature sensor data will only be displayed for supported hardware platforms. Currently supported devices are UserGate C150, C151, FG, X10. For unsupported platforms or virtual solutions, the sensor table will be empty, and the number of sensors and operating temperature limits will be zero.
Note If taking a temperature reading from a sensor was not possible, it will not be transmitted in the table, while the thermNumber parameter counts the total number of temperature sensors, even taking into account those that are not working. In this case, the number of sensors in the table and the thermNumber value may not match.