Friday, October 25, 2024

Monitoring maximum NAT usage on Checkpoint Firewall

 For some cases on internet facing firewall, we found out that connections was failed due to NAT was exhausted. By default on R81.0 , checkpoint will assign 50.000 NAT ports to be used by each IP

Here is the the sample graph for NAT monitoring



On Checkpoint firewall, we can monitor NAT usage by using SNMP. Here is the OID

Number of NAT Port Used    : .1.3.6.1.4.1.2620.1.56.1301.3.1.7.1.0

Percentage of NAT usage    : .1.3.6.1.4.1.2620.1.56.1301.3.1.9.1.0

You can use any tools to graph for above mentioned OID

Please note that, those OID refer to connections that are using the most NAT port

For cacti, here is the graph template that can be used

<cacti>

<hash_000102b7faeb81cf164d3c638b4064b9666805>

<name>Checkpoint - NAT Port Usage</name>

<graph>

<t_title></t_title>

<title>|host_description| - Checkpoint NAT Port Usage</title>

<t_vertical_label></t_vertical_label>

<vertical_label>No of Login</vertical_label>

<t_image_format_id></t_image_format_id>

<image_format_id>1</image_format_id>

<t_height></t_height>

<height>120</height>

<t_width></t_width>

<width>800</width>

<t_base_value></t_base_value>

<base_value>1</base_value>

<t_slope_mode></t_slope_mode>

<slope_mode>on</slope_mode>

<t_auto_scale></t_auto_scale>

<auto_scale>on</auto_scale>

<t_auto_scale_opts></t_auto_scale_opts>

<auto_scale_opts>2</auto_scale_opts>

<t_auto_scale_log></t_auto_scale_log>

<auto_scale_log></auto_scale_log>

<t_scale_log_units></t_scale_log_units>

<scale_log_units></scale_log_units>

<t_auto_scale_rigid></t_auto_scale_rigid>

<auto_scale_rigid></auto_scale_rigid>

<t_upper_limit></t_upper_limit>

<upper_limit>10000</upper_limit>

<t_lower_limit></t_lower_limit>

<lower_limit>0</lower_limit>

<t_unit_value></t_unit_value>

<unit_value></unit_value>

<t_unit_exponent_value></t_unit_exponent_value>

<unit_exponent_value></unit_exponent_value>

<t_unit_length></t_unit_length>

<unit_length></unit_length>

<t_no_gridfit></t_no_gridfit>

<no_gridfit></no_gridfit>

<t_alt_y_grid></t_alt_y_grid>

<alt_y_grid></alt_y_grid>

<t_right_axis></t_right_axis>

<right_axis></right_axis>

<t_right_axis_label></t_right_axis_label>

<right_axis_label></right_axis_label>

<t_right_axis_format></t_right_axis_format>

<right_axis_format>0</right_axis_format>

<t_right_axis_formatter></t_right_axis_formatter>

<right_axis_formatter>0</right_axis_formatter>

<t_left_axis_formatter></t_left_axis_formatter>

<left_axis_formatter>0</left_axis_formatter>

<t_auto_padding></t_auto_padding>

<auto_padding>on</auto_padding>

<t_dynamic_labels></t_dynamic_labels>

<dynamic_labels></dynamic_labels>

<t_force_rules_legend></t_force_rules_legend>

<force_rules_legend></force_rules_legend>

<t_tab_width></t_tab_width>

<tab_width>30</tab_width>

<t_legend_position></t_legend_position>

<legend_position>0</legend_position>

<t_legend_direction></t_legend_direction>

<legend_direction>0</legend_direction>

</graph>

<items>

<hash_100102dbf95855760e38870c660f958dff393c>

<graph_type_id>4</graph_type_id>

<task_item_id>hash_080102016a584d0faa5554e624a627ca036a76</task_item_id>

<color_id>00A348</color_id>

<alpha>FF</alpha>

<consolidation_function_id>4</consolidation_function_id>

<cdef_id>0</cdef_id>

<vdef_id>0</vdef_id>

<shift></shift>

<value></value>

<gprint_id>hash_060102e9c43831e54eca8069317a2ce8c6f751</gprint_id>

<textalign></textalign>

<text_format>Highest Number of NAT Port Used</text_format>

<hard_return></hard_return>

<line_width>0.00</line_width>

<dashes></dashes>

<dash_offset>0</dash_offset>

<sequence>1</sequence>

</hash_100102dbf95855760e38870c660f958dff393c>

<hash_100102d01ed451d582f491958658889bfd7f16>

<graph_type_id>9</graph_type_id>

<task_item_id>hash_080102016a584d0faa5554e624a627ca036a76</task_item_id>

<color_id>0</color_id>

<alpha>FF</alpha>

<consolidation_function_id>4</consolidation_function_id>

<cdef_id>0</cdef_id>

<vdef_id>0</vdef_id>

<shift></shift>

<value></value>

<gprint_id>hash_060102e9c43831e54eca8069317a2ce8c6f751</gprint_id>

<textalign></textalign>

<text_format>Current:</text_format>

<hard_return></hard_return>

<line_width>1.00</line_width>

<dashes></dashes>

<dash_offset>0</dash_offset>

<sequence>2</sequence>

</hash_100102d01ed451d582f491958658889bfd7f16>

<hash_100102d1b24e91115e0e33f0d159876e2ab123>

<graph_type_id>9</graph_type_id>

<task_item_id>hash_080102016a584d0faa5554e624a627ca036a76</task_item_id>

<color_id>000000</color_id>

<alpha>FF</alpha>

<consolidation_function_id>3</consolidation_function_id>

<cdef_id>0</cdef_id>

<vdef_id>0</vdef_id>

<shift></shift>

<value></value>

<gprint_id>hash_060102e9c43831e54eca8069317a2ce8c6f751</gprint_id>

<textalign></textalign>

<text_format>Max:</text_format>

<hard_return>on</hard_return>

<line_width>1.00</line_width>

<dashes></dashes>

<dash_offset>0</dash_offset>

<sequence>3</sequence>

</hash_100102d1b24e91115e0e33f0d159876e2ab123>

<hash_100102406a8e435792be8a787f6abc2d096d64>

<graph_type_id>4</graph_type_id>

<task_item_id>hash_080102d932f127aad060310c6c50a567cad4b9</task_item_id>

<color_id>F70D1A</color_id>

<alpha>FF</alpha>

<consolidation_function_id>4</consolidation_function_id>

<cdef_id>0</cdef_id>

<vdef_id>0</vdef_id>

<shift></shift>

<value></value>

<gprint_id>hash_060102e9c43831e54eca8069317a2ce8c6f751</gprint_id>

<textalign></textalign>

<text_format>NAT Usage Percentage</text_format>

<hard_return></hard_return>

<line_width>0.00</line_width>

<dashes></dashes>

<dash_offset>0</dash_offset>

<sequence>4</sequence>

</hash_100102406a8e435792be8a787f6abc2d096d64>

<hash_100102adf4c8fa70cde57415d8e386cb24f989>

<graph_type_id>9</graph_type_id>

<task_item_id>hash_080102d932f127aad060310c6c50a567cad4b9</task_item_id>

<color_id>0</color_id>

<alpha>FF</alpha>

<consolidation_function_id>4</consolidation_function_id>

<cdef_id>0</cdef_id>

<vdef_id>0</vdef_id>

<shift></shift>

<value></value>

<gprint_id>hash_060102e9c43831e54eca8069317a2ce8c6f751</gprint_id>

<textalign></textalign>

<text_format>Current:</text_format>

<hard_return></hard_return>

<line_width>1.00</line_width>

<dashes></dashes>

<dash_offset>0</dash_offset>

<sequence>5</sequence>

</hash_100102adf4c8fa70cde57415d8e386cb24f989>

<hash_100102b8a9df7442af68f4f741287a280fb2a7>

<graph_type_id>9</graph_type_id>

<task_item_id>hash_080102d932f127aad060310c6c50a567cad4b9</task_item_id>

<color_id>0</color_id>

<alpha>FF</alpha>

<consolidation_function_id>3</consolidation_function_id>

<cdef_id>0</cdef_id>

<vdef_id>0</vdef_id>

<shift></shift>

<value></value>

<gprint_id>hash_060102e9c43831e54eca8069317a2ce8c6f751</gprint_id>

<textalign></textalign>

<text_format>Max:</text_format>

<hard_return>on</hard_return>

<line_width>1.00</line_width>

<dashes></dashes>

<dash_offset>0</dash_offset>

<sequence>6</sequence>

</hash_100102b8a9df7442af68f4f741287a280fb2a7>

</items>

<inputs>

<hash_0901026a3e7759f28ea124c093203bee23a19c>

<name>Data Source [cpnatused]</name>

<description></description>

<column_name>task_item_id</column_name>

<items>hash_000102dbf95855760e38870c660f958dff393c|hash_000102d01ed451d582f491958658889bfd7f16|hash_000102d1b24e91115e0e33f0d159876e2ab123</items>

</hash_0901026a3e7759f28ea124c093203bee23a19c>

<hash_090102d6073cd9799f8c752e94c8921e772ea9>

<name>Data Source [cpnatpercentage]</name>

<description></description>

<column_name>task_item_id</column_name>

<items>hash_000102406a8e435792be8a787f6abc2d096d64|hash_000102adf4c8fa70cde57415d8e386cb24f989|hash_000102b8a9df7442af68f4f741287a280fb2a7</items>

</hash_090102d6073cd9799f8c752e94c8921e772ea9>

</inputs>

</hash_000102b7faeb81cf164d3c638b4064b9666805>

<hash_01010284e90a9963452154952e108c85b74b0d>

<name>Checkpoint - Number of NAT Usage</name>

<ds>

<t_name></t_name>

<name>|host_description| - Number of NAT Port Used</name>

<data_source_path></data_source_path>

<data_input_id>hash_0301023eb92bb845b9660a7445cf9740726522</data_input_id>

<t_data_source_profile_id></t_data_source_profile_id>

<data_source_profile_id>hash_200102d62c52891f4f9688729a5bc9fad91b18</data_source_profile_id>

<t_rrd_step></t_rrd_step>

<rrd_step>300</rrd_step>

<t_active></t_active>

<active>on</active>

</ds>

<items>

<hash_080102016a584d0faa5554e624a627ca036a76>

<t_data_source_name></t_data_source_name>

<data_source_name>cpnatused</data_source_name>

<t_rrd_minimum></t_rrd_minimum>

<rrd_minimum>0</rrd_minimum>

<t_rrd_maximum></t_rrd_maximum>

<rrd_maximum>U</rrd_maximum>

<t_data_source_type_id></t_data_source_type_id>

<data_source_type_id>1</data_source_type_id>

<t_rrd_heartbeat></t_rrd_heartbeat>

<rrd_heartbeat>600</rrd_heartbeat>

<t_data_input_field_id></t_data_input_field_id>

<data_input_field_id>0</data_input_field_id>

</hash_080102016a584d0faa5554e624a627ca036a76>

</items>

<data>

<item_000>

<data_input_field_id>hash_07010292f5906c8dc0f964b41f4253df582c38</data_input_field_id>

<t_value></t_value>

<value></value>

</item_000>

<item_001>

<data_input_field_id>hash_07010232285d5bf16e56c478f5e83f32cda9ef</data_input_field_id>

<t_value></t_value>

<value></value>

</item_001>

<item_002>

<data_input_field_id>hash_070102ad14ac90641aed388139f6ba86a2e48b</data_input_field_id>

<t_value></t_value>

<value></value>

</item_002>

<item_003>

<data_input_field_id>hash_0701029c55a74bd571b4f00a96fd4b793278c6</data_input_field_id>

<t_value></t_value>

<value></value>

</item_003>

<item_004>

<data_input_field_id>hash_070102012ccb1d3687d3edb29c002ea66e72da</data_input_field_id>

<t_value></t_value>

<value>2</value>

</item_004>

<item_005>

<data_input_field_id>hash_0701024276a5ec6e3fe33995129041b1909762</data_input_field_id>

<t_value></t_value>

<value>.1.3.6.1.4.1.2620.1.56.1301.3.1.7.1.0</value>

</item_005>

<item_006>

<data_input_field_id>hash_070102fc64b99742ec417cc424dbf8c7692d36</data_input_field_id>

<t_value></t_value>

<value></value>

</item_006>

<item_007>

<data_input_field_id>hash_07010220832ce12f099c8e54140793a091af90</data_input_field_id>

<t_value></t_value>

<value></value>

</item_007>

<item_008>

<data_input_field_id>hash_070102c60c9aac1e1b3555ea0620b8bbfd82cb</data_input_field_id>

<t_value></t_value>

<value></value>

</item_008>

<item_009>

<data_input_field_id>hash_070102feda162701240101bc74148415ef415a</data_input_field_id>

<t_value></t_value>

<value></value>

</item_009>

</data>

</hash_01010284e90a9963452154952e108c85b74b0d>

<hash_0101026c7c3ccd579778b4e0cd13bb8e9e1001>

<name>Checkpoint - NAT Usage Percentage</name>

<ds>

<t_name></t_name>

<name>|host_description| - Percentage of NAT Port Used</name>

<data_source_path></data_source_path>

<data_input_id>hash_0301023eb92bb845b9660a7445cf9740726522</data_input_id>

<t_data_source_profile_id></t_data_source_profile_id>

<data_source_profile_id>hash_200102d62c52891f4f9688729a5bc9fad91b18</data_source_profile_id>

<t_rrd_step></t_rrd_step>

<rrd_step>300</rrd_step>

<t_active></t_active>

<active>on</active>

</ds>

<items>

<hash_080102d932f127aad060310c6c50a567cad4b9>

<t_data_source_name></t_data_source_name>

<data_source_name>cpnatpercentage</data_source_name>

<t_rrd_minimum></t_rrd_minimum>

<rrd_minimum>0</rrd_minimum>

<t_rrd_maximum></t_rrd_maximum>

<rrd_maximum>U</rrd_maximum>

<t_data_source_type_id></t_data_source_type_id>

<data_source_type_id>1</data_source_type_id>

<t_rrd_heartbeat></t_rrd_heartbeat>

<rrd_heartbeat>600</rrd_heartbeat>

<t_data_input_field_id></t_data_input_field_id>

<data_input_field_id>0</data_input_field_id>

</hash_080102d932f127aad060310c6c50a567cad4b9>

</items>

<data>

<item_000>

<data_input_field_id>hash_07010292f5906c8dc0f964b41f4253df582c38</data_input_field_id>

<t_value></t_value>

<value></value>

</item_000>

<item_001>

<data_input_field_id>hash_07010232285d5bf16e56c478f5e83f32cda9ef</data_input_field_id>

<t_value></t_value>

<value></value>

</item_001>

<item_002>

<data_input_field_id>hash_070102ad14ac90641aed388139f6ba86a2e48b</data_input_field_id>

<t_value></t_value>

<value></value>

</item_002>

<item_003>

<data_input_field_id>hash_0701029c55a74bd571b4f00a96fd4b793278c6</data_input_field_id>

<t_value></t_value>

<value></value>

</item_003>

<item_004>

<data_input_field_id>hash_070102012ccb1d3687d3edb29c002ea66e72da</data_input_field_id>

<t_value></t_value>

<value></value>

</item_004>

<item_005>

<data_input_field_id>hash_0701024276a5ec6e3fe33995129041b1909762</data_input_field_id>

<t_value></t_value>

<value>.1.3.6.1.4.1.2620.1.56.1301.3.1.9.1.0</value>

</item_005>

<item_006>

<data_input_field_id>hash_070102fc64b99742ec417cc424dbf8c7692d36</data_input_field_id>

<t_value></t_value>

<value></value>

</item_006>

<item_007>

<data_input_field_id>hash_07010220832ce12f099c8e54140793a091af90</data_input_field_id>

<t_value></t_value>

<value></value>

</item_007>

<item_008>

<data_input_field_id>hash_070102c60c9aac1e1b3555ea0620b8bbfd82cb</data_input_field_id>

<t_value></t_value>

<value></value>

</item_008>

<item_009>

<data_input_field_id>hash_070102feda162701240101bc74148415ef415a</data_input_field_id>

<t_value></t_value>

<value></value>

</item_009>

</data>

</hash_0101026c7c3ccd579778b4e0cd13bb8e9e1001>

<hash_0301023eb92bb845b9660a7445cf9740726522>

<name>Get SNMP Data</name>

<type_id>2</type_id>

<input_string></input_string>

<fields>

<hash_07010292f5906c8dc0f964b41f4253df582c38>

<name>SNMP IP Address</name>

<update_rra></update_rra>

<regexp_match></regexp_match>

<allow_nulls></allow_nulls>

<type_code>hostname</type_code>

<input_output>in</input_output>

<data_name>management_ip</data_name>

</hash_07010292f5906c8dc0f964b41f4253df582c38>

<hash_07010232285d5bf16e56c478f5e83f32cda9ef>

<name>SNMP Community</name>

<update_rra></update_rra>

<regexp_match></regexp_match>

<allow_nulls></allow_nulls>

<type_code>snmp_community</type_code>

<input_output>in</input_output>

<data_name>snmp_community</data_name>

</hash_07010232285d5bf16e56c478f5e83f32cda9ef>

<hash_070102ad14ac90641aed388139f6ba86a2e48b>

<name>SNMP Username</name>

<update_rra></update_rra>

<regexp_match></regexp_match>

<allow_nulls>on</allow_nulls>

<type_code>snmp_username</type_code>

<input_output>in</input_output>

<data_name>snmp_username</data_name>

</hash_070102ad14ac90641aed388139f6ba86a2e48b>

<hash_0701029c55a74bd571b4f00a96fd4b793278c6>

<name>SNMP Password</name>

<update_rra></update_rra>

<regexp_match></regexp_match>

<allow_nulls>on</allow_nulls>

<type_code>snmp_password</type_code>

<input_output>in</input_output>

<data_name>snmp_password</data_name>

</hash_0701029c55a74bd571b4f00a96fd4b793278c6>

<hash_070102012ccb1d3687d3edb29c002ea66e72da>

<name>SNMP Version (1, 2, or 3)</name>

<update_rra></update_rra>

<regexp_match></regexp_match>

<allow_nulls>on</allow_nulls>

<type_code>snmp_version</type_code>

<input_output>in</input_output>

<data_name>snmp_version</data_name>

</hash_070102012ccb1d3687d3edb29c002ea66e72da>

<hash_0701024276a5ec6e3fe33995129041b1909762>

<name>OID</name>

<update_rra></update_rra>

<regexp_match></regexp_match>

<allow_nulls></allow_nulls>

<type_code>snmp_oid</type_code>

<input_output>in</input_output>

<data_name>oid</data_name>

</hash_0701024276a5ec6e3fe33995129041b1909762>

<hash_070102fc64b99742ec417cc424dbf8c7692d36>

<name>SNMP Port</name>

<update_rra></update_rra>

<regexp_match></regexp_match>

<allow_nulls></allow_nulls>

<type_code>snmp_port</type_code>

<input_output>in</input_output>

<data_name>snmp_port</data_name>

</hash_070102fc64b99742ec417cc424dbf8c7692d36>

<hash_07010220832ce12f099c8e54140793a091af90>

<name>SNMP Authenticaion Protocol (v3)</name>

<update_rra></update_rra>

<regexp_match></regexp_match>

<allow_nulls></allow_nulls>

<type_code>snmp_auth_protocol</type_code>

<input_output>in</input_output>

<data_name>snmp_auth_protocol</data_name>

</hash_07010220832ce12f099c8e54140793a091af90>

<hash_070102c60c9aac1e1b3555ea0620b8bbfd82cb>

<name>SNMP Privacy Passphrase (v3)</name>

<update_rra></update_rra>

<regexp_match></regexp_match>

<allow_nulls></allow_nulls>

<type_code>snmp_priv_passphrase</type_code>

<input_output>in</input_output>

<data_name>snmp_priv_passphrase</data_name>

</hash_070102c60c9aac1e1b3555ea0620b8bbfd82cb>

<hash_070102feda162701240101bc74148415ef415a>

<name>SNMP Privacy Protocol (v3)</name>

<update_rra></update_rra>

<regexp_match></regexp_match>

<allow_nulls></allow_nulls>

<type_code>snmp_priv_protocol</type_code>

<input_output>in</input_output>

<data_name>snmp_priv_protocol</data_name>

</hash_070102feda162701240101bc74148415ef415a>

</fields>

</hash_0301023eb92bb845b9660a7445cf9740726522>

<hash_200102d62c52891f4f9688729a5bc9fad91b18>

<name>5 Minute Collection</name>

<step>300</step>

<heartbeat>600</heartbeat>

<x_files_factor>0.5</x_files_factor>

<default>on</default>

<cf_items>1|2|3|4</cf_items>

<items>

<item_000>

<name>Daily (5 Minute Average)</name>

<steps>1</steps>

<rows>600</rows>

<timespan>86400</timespan>

</item_000>

<item_001>

<name>Weekly (30 Minute Average)</name>

<steps>6</steps>

<rows>700</rows>

<timespan>604800</timespan>

</item_001>

<item_002>

<name>Monthly (2 Hour Average)</name>

<steps>24</steps>

<rows>775</rows>

<timespan>2618784</timespan>

</item_002>

<item_003>

<name>Yearly (1 Day Average)</name>

<steps>288</steps>

<rows>797</rows>

<timespan>31536000</timespan>

</item_003>

</items>

</hash_200102d62c52891f4f9688729a5bc9fad91b18>

<hash_060102e9c43831e54eca8069317a2ce8c6f751>

<name>Normal</name>

<gprint_text>%8.2lf %s</gprint_text>

</hash_060102e9c43831e54eca8069317a2ce8c6f751>

</cacti>



Posted by at

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)