Monitor Checkpoint VPN links

Frater, Greg J gjfrater at bechtel.com
Thu Jul 10 16:25:41 CEST 2003


I'm responding to this off of the digest; hope this looks right.  CP has some
SNMP support; have you checked that for values that you could query for up
status or packet counts, something that will change only if the link is up?
Whether SNMP on your firewall is a good idea or not is a different question.
Let us know how you solve this.



Message: 21
Date: Wed, 9 Jul 2003 16:02:48 -0700
From: "Roy S. Rapoport" <nagios-users at ols.inorganic.org>
To: nagios-users at lists.sourceforge.net
Subject: Re: [Nagios-users] Monitor Checkpoint VPN links

On Wed, Jul 09, 2003 at 06:21:50PM -0400, Rob Nelson wrote:
> It's always an ugly hack, but one can do just about anything with "expect".
> I'd suggest using ssh keys tho, rather than putting your ssh password in
> cleartext in the scriptfile.

As a security person, this makes me shudder.

Remember, this is your firewall.  

I won't tell you how to manage your security devices, but the concept of
allowing automated, non-passworded (or passphrased) access to a firewall
scares the bejesus out of me.  I would argue, with respect to the
requester's experience and knowledge, that it's a Bad Idea.

If you *are* going to do that, for God's sake, make sure that the SSH key
is only authorized for the very minimal actions that you need to monitor
the system -- in other words, you shouldn't just SSH and run some commands
-- you should 'ssh user@fw <command>' and make sure that the SSH key ONLY
allows you to run <command>.

-roy


Thanks, 

Greg Frater
WTP IT dept.
509 371 3537
gjfrater at bechtel.com
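
The single-command key restriction described in the quoted message, as an added example that is not code from this thread. It assumes the firewall runs OpenSSH's sshd; the script path /usr/local/sbin/monitor-gate, the status script /usr/local/bin/vpn_link_status, the request syntax "vpn_status <peer>" and the source address 192.0.2.10 are all hypothetical.

```shell
#!/bin/sh
# Forced-command gate for a monitoring-only SSH key (added example).
# Assumed authorized_keys entry on the firewall, one line, key material elided:
#   command="/usr/local/sbin/monitor-gate --serve",from="192.0.2.10",no-pty,
#   no-port-forwarding,no-agent-forwarding,no-X11-forwarding ssh-rsa AAAA... nagios
# sshd runs this script whatever the client asked for, and passes the client's
# requested command line in SSH_ORIGINAL_COMMAND.
LC_ALL=C; export LC_ALL   # keep the A-Z / a-z ranges below byte-exact

# Hypothetical read-only status script; substitute the check you actually need.
STATUS_CMD="/usr/local/bin/vpn_link_status"

# valid_peer NAME: accept only hostname-like tokens (no spaces, no shell
# metacharacters, no leading "-" that could be read as an option).
valid_peer() {
    case $1 in
        ''|-*|*[!A-Za-z0-9.-]*) return 1 ;;
    esac
    return 0
}

# resolve_request REQUEST: print the validated peer and return 0 when REQUEST
# is exactly "vpn_status <peer>"; return 1 for anything else, including an
# empty request (an interactive login attempt).
resolve_request() {
    case $1 in
        "vpn_status "*)
            peer=${1#"vpn_status "}
            valid_peer "$peer" || return 1
            printf '%s\n' "$peer"
            ;;
        *) return 1 ;;
    esac
}

# Only act as the gate when sshd invokes us with --serve (see the key entry).
if [ "${1:-}" = "--serve" ]; then
    if peer=$(resolve_request "${SSH_ORIGINAL_COMMAND:-}"); then
        # The client's string is never passed to a shell; only the fixed
        # command and the validated argument are executed.
        exec "$STATUS_CMD" "$peer"
    fi
    logger -t monitor-gate "rejected request from ${SSH_CONNECTION:-unknown}"
    echo "request not permitted" >&2
    exit 1
fi
```

The Nagios side would then call 'ssh user@fw vpn_status <peer>'; any other request made with that key is logged and refused.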

