FireBrick

FireBrick FB6000
SNMP

The FireBrick includes a number of SNMP features. These include top-level system OIDs and a comprehensive interface MIB. There are also some FireBrick-specific OIDs, which are generally non-walkable.

Configuration

SNMP is enabled in the system services configuration and includes the usual local filtering based on routing table and IP address. You have to define the SNMP service before any SNMP is handled, and you should specify a community name. It is recommended that you lock down access to SNMP with the services access controls or firewalling, because in SNMP version 2c the community name is the only credential and is sent in clear text.

SNMP version 2c is supported.

1.3.6.1.2.1.1 System

The standard system MIB is supported and walkable, including sysDescr, sysContact, sysName, sysLocation and sysServices.

Interface

The standard interface MIB is supported, including ifNumber, ifTable, ifIndex, ifDescr, ifType, ifMtu, ifSpeed, ifPhysAddress, ifAdminStatus, ifOperStatus, ifLastChange, ifInOctets, ifInUcastPkts, ifInNUcastPkts, ifInDiscards, ifInErrors, ifInUnknownProtos, ifOutOctets, ifOutUcastPkts, ifOutNUcastPkts, ifOutDiscards, ifOutQLen, ifSpecific.

Some of these have dummy values as they are not relevant.

In addition to the standard values, a number of additional values are included (non-walkable):

410  ifInOctetsv4     Ingress octet count of IPv4 packets
411  ifInUcastPkts4   Ingress unicast packet count of IPv4 packets
416  ifOutOctets4     Egress octet count of IPv4 packets
417  ifOutUcastPkts4  Egress unicast packet count of IPv4 packets
610  ifInOctetsv6     Ingress octet count of IPv6 packets
611  ifInUcastPkts6   Ingress unicast packet count of IPv6 packets
616  ifOutOctets6     Egress octet count of IPv6 packets
617  ifOutUcastPkts6  Egress unicast packet count of IPv6 packets

The interfaces that can be monitored include the following, in order, starting at interface ID 1:

  • Physical ports internally within the FireBrick (1 for 2500/2700, 2 for 6000 series)
  • Switch ports including the internal switch port (5 for 2500/2700, 0 for 6000 series)
  • 4096 entries for each VLAN (0=untagged) for each external port (4096*4 for 2500/2700, 4096*2 for 6000 series)
  • Named shaper objects in order as specified in config - allowing monitoring of any graph/shaper

FireBrick

There are a number of custom, non-walkable additional values specific to the FireBrick, included under 1.3.6.1.4.1.24693 (FireBrick's enterprise number).

1.3.6.1.4.1.24693.179 BGP

This is followed by .4.a.b.c.d.x, where a.b.c.d is the IPv4 address of the peer and x is the value requested, or by .6.[32 entries 0 to 15].x for an IPv6 peer, with one entry for each nibble of the IPv6 address.

1  String   Name of BGP peer from config
2  Integer  State of BGP peer (0=idle, 1=active, 2=openwait, 3=opensent, 4=openconfig, 5=established, 6=closed, 7=free)
3  Integer  Remote AS
4  Integer  Received IPv4 prefixes
5  Integer  Seconds since last state change
6  Integer  Received IPv6 prefixes

1.3.6.1.4.1.24693.1701 L2TP

This is followed by .4.a.b.c.d.x, where a.b.c.d is the IPv4 address of the peer and x is the value requested, or by .6.[32 entries 0 to 15].x for an IPv6 peer, with one entry for each nibble of the IPv6 address.

1  String   The login name
2  String   The host name
3  Integer  Number of incoming tunnels
4  Integer  Number of outgoing tunnels
5  Integer  Seconds since oldest live tunnel connected
6  Integer  Number of live tunnels
7  Integer  Number of sessions

In addition there are overall counters.

  • .1 Counters for tunnels in each state (.0=free, .1=opening, .2=live, .3=closing, .4=failed, .5=closed)
  • .2 Counters for sessions in each state (.0=free, .1=pending, .2=opening, .3=neg, .4=auth, .5=started, .6=live, .7=acct, .7=closing, .8=closed)
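
Because the BGP and L2TP per-peer values are non-walkable, a monitoring or audit script has to construct each OID exactly before issuing a GET. The following is an added example, not FireBrick code: the helper names `peer_oid` and `parse_peer_oid` are hypothetical, the peer addresses are constructed from the documentation ranges, and it assumes the IPv6 nibbles run most-significant first and that nothing follows x.

```python
import ipaddress

FIREBRICK = "1.3.6.1.4.1.24693"        # enterprise number, from the page
SUBTREE = {"bgp": 179, "l2tp": 1701}   # per-protocol sub-identifiers, from the page
BGP_STATE = ["idle", "active", "openwait", "opensent", "openconfig",
             "established", "closed", "free"]   # BGP value 2, indexed 0..7


def peer_oid(subtree, peer, value):
    """Build the exact OID for one per-peer value (hypothetical helper)."""
    addr = ipaddress.ip_address(peer)
    if addr.version == 4:
        index = [4, *addr.packed]                  # .4.a.b.c.d
    else:
        index = [6]                                # .6.<32 nibbles, each 0..15>
        for byte in addr.packed:
            # Assumption: high nibble first, in address order.
            index += [byte >> 4, byte & 0x0F]
    return ".".join(str(n) for n in [FIREBRICK, SUBTREE[subtree], *index, value])


def parse_peer_oid(oid):
    """Inverse of peer_oid: return (subtree, peer, value) or raise ValueError."""
    prefix = FIREBRICK + "."
    oid = oid.lstrip(".")
    if not oid.startswith(prefix):
        raise ValueError("not under the FireBrick enterprise OID")
    ids = [int(p) for p in oid[len(prefix):].split(".")]
    names = {num: name for name, num in SUBTREE.items()}
    if not ids or ids[0] not in names:
        raise ValueError("not a BGP or L2TP subtree")
    if len(ids) == 7 and ids[1] == 4 and all(0 <= b <= 255 for b in ids[2:6]):
        raw = bytes(ids[2:6])
    elif len(ids) == 35 and ids[1] == 6 and all(0 <= n <= 15 for n in ids[2:34]):
        nib = ids[2:34]
        raw = bytes((nib[i] << 4) | nib[i + 1] for i in range(0, 32, 2))
    else:
        raise ValueError("malformed peer index")   # e.g. the overall counters
    return names[ids[0]], str(ipaddress.ip_address(raw)), ids[-1]


if __name__ == "__main__":
    # Constructed sample peers from the documentation address ranges.
    print(peer_oid("bgp", "192.0.2.1", 2))       # BGP state of an IPv4 peer
    print(peer_oid("l2tp", "2001:db8::1", 7))    # L2TP session count, IPv6 peer
    print(BGP_STATE[5])                          # how a returned 5 is decoded
```

The parser is useful on the collection side for checking that a polled OID really refers to a configured peer before its value is trusted in alerting.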