如何启动 CheckPoint SNMP 而不重启 Check Point Modules

作者:reistlin 发布时间:September 15, 2010 分类:原创文章

作者: reistlin
来源: http://www.reistlin.com/blog/48
更新时间: 2010.09
版权声明: 原创文章.转载请保留作者信息和原文完整.谢绝任何方式的摘要

checkpoint.gifnokia.gif

问题:

默认情况下,Nokia & CheckPoint 防火墙的 SNMP Extension 服务是没有启动的,需要执行 cpconfig 来启动该进程。启动 SNMP Extension 进程时,需要重新启动所有的 Check Point Modules。在正式生产环境中,会对网络造成影响。

解决:

[步骤一]

1,登录命令行界面(Nokia IPSO 4.2 BUILD096),执行:cpconfig

Reistlin.com[admin]# cpconfig
This program will let you re-configure
your Check Point products configuration.

2,选择:2,配置 “SNMP Extension”

Configuration Options:
----------------------
(1)  Licenses and contracts
(2)  SNMP Extension
(3)  Group Permissions
(4)  PKCS#11 Token
(5)  Random Pool
(6)  Secure Internal Communication
(7)  Enable cluster membership for this gateway
(8)  Enable Check Point SecureXL
(9)  Automatic start of Check Point Products
 
(10) Exit
 
Enter your choice (1-10) : 2

3,选择:y,启用 “SNMP Extension daemon”

Configuring SNMP Extension...
=============================
The SNMP daemon enables Check Point products module 
to export its status to external network management tools.
Would you like to activate Check Point products SNMP daemon ? (y/n) [n] ? y

4,选择:10,退出配置界面

Configuration Options:
----------------------
(1)  Licenses and contracts
(2)  SNMP Extension
(3)  Group Permissions
(4)  PKCS#11 Token
(5)  Random Pool
(6)  Secure Internal Communication
(7)  Enable cluster membership for this gateway
(8)  Enable Check Point SecureXL
(9)  Automatic start of Check Point Products
 
(10) Exit
 
Enter your choice (1-10) : 10

5,系统提示需要 “restart ALL Check Point modules”,选择:n

Thank You...
 
You have changed Check Point products Configuration.
You need to restart ALL Check Point modules (performing cpstop & cpstart)
in order to activate the changes you have made.
Would you like to do it now? (y/n) [y] ? n

OK,到此为止,已经配置了以后防火墙如果重启,会自动启动 “SNMP Extension daemon” 服务。但是,目前仍然没有将 SNMP Extension 进程启起来(因为我们中断了 “restart ALL Check Point modules“ 的操作!),继续。

[步骤二]

1,登录命令行界面(Nokia IPSO 4.2 BUILD096),执行如下命令:

/opt/CPsuite-R65/svn/bin/cpsnmpd -p 260

2,check 一下防火墙的 snmp进 程:

Reistlin.com[admin]# ps -aux | grep snmp
root       407  0.0  0.1  4224  744  ??  Ss   19Apr10   13:17.56 /bin/snmpd -f
root     18751  0.0  0.0  2928  296  ??  Ss   11May10   12:42.04 /opt/CPsuite-R65/svn/bin/cpsnmpd -p 260

OK,Nokia 的 SNMP,CheckPoint 的 SNMP Extension 进程均正常,可以使用 snmpwalk 或者 solarwinds 测试了。

标签: checkpoint, nokia

评论已关闭