Monitor Checkpoint VPN links

Marc Powell mpowell at ena.com
Thu Jul 10 20:57:59 CEST 2003


> -----Original Message-----
> From: Adams, Gavin [mailto:gadams at promisant.com]
> Sent: Thursday, July 10, 2003 1:22 PM
> To: nagios-users at lists.sourceforge.net
> 
[snip]

> For example, fully meshed network of sites A, B, C, and D with Nagios
> running at site A, and accessible servers at B, C, and D. Traffic checks
> would be for:
> 
> From     To
> A        B C D
> B        A C D
> C        A B D
> D        A B C
> 
> Site A is easy, Nagios can ping devices in B, C, and D. On the server at
> the other sites, create a plugin that pings the remote sites and returns
> OK if all is good, else WARNING or CRITICAL if there is a problem.
> 
> Additional work and resources required to set it up, but in the end, the
> only way to know if a VPN tunnel is up and operational is to push some
> traffic across it (or wait for the complaints to come in).

We were thinking the same thing (without the need for the mesh though).
We would like to monitor firewalls that we may manage, but not own nor
would we own any of the devices behind that firewall. The solution we're
looking at is using a Soekris box (http://www.soekris.com) running
FreeBSD, NRPE and check_http or something behind the firewall to verify
traffic goes both in and out. It would be a simple matter to set up the
above mentioned mesh if you had one of these devices at each location. I
guess it all boils down to how confident you want to be that the
firewall is truly working as expected.

--
Marc
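
The remote-site plugin described in the quoted message, sketched as an added example that is not part of the original thread. The function names, the file name check_vpn_mesh, the peer addresses (RFC 5737 documentation range) and the choice of WARNING for some peers down versus CRITICAL for all peers down are assumptions.

```shell
#!/bin/sh
# Nagios-style plugin for a box at site B, C or D: push traffic across each
# VPN tunnel and map the result to the plugin exit codes
# (0 OK, 1 WARNING, 2 CRITICAL, 3 UNKNOWN). Run it through NRPE from site A.

# Probe one peer through its tunnel. Kept as a separate function so it can be
# swapped for another check (for example an HTTP request) or stubbed offline.
# Only -c is used because ping timeout flags differ between Linux and FreeBSD.
probe() {
    ping -c 3 "$1" >/dev/null 2>&1
}

# check_vpn_mesh PEER... : prints one status line, returns the plugin state.
check_vpn_mesh() {
    # No peers configured is reported as UNKNOWN, never as OK.
    [ "$#" -gt 0 ] || { echo "VPN UNKNOWN - no peers given"; return 3; }
    total=$#
    down=""
    down_count=0
    for peer in "$@"; do
        if ! probe "$peer"; then
            down="$down $peer"
            down_count=$((down_count + 1))
        fi
    done
    up=$((total - down_count))
    if [ "$down_count" -eq 0 ]; then
        echo "VPN OK - $up/$total peers reachable"
        return 0
    elif [ "$down_count" -lt "$total" ]; then
        # Assumed policy: some tunnels down, but this site is not isolated.
        echo "VPN WARNING - $up/$total peers reachable, unreachable:$down"
        return 1
    fi
    # Assumed policy: every tunnel from this site failed.
    echo "VPN CRITICAL - 0/$total peers reachable, unreachable:$down"
    return 2
}

# Entry point: runs only when the file is installed under the (hypothetical)
# name check_vpn_mesh, e.g. at site B: check_vpn_mesh 192.0.2.10 192.0.2.30
case "$0" in
    *check_vpn_mesh*) check_vpn_mesh "$@"; exit $? ;;
esac
```
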

