
Comm issue behind firewall

Posted: Fri Aug 15, 2014 10:29 am
by btemple
I am trying to monitor a router in a DMZ. For some reason everything appears to communicate properly except for the bandwidth stats; they all report back 0 in, 0 out. I am wondering if this is from the router setup or could it be a firewall issue? All of our internal routers report back proper stats. What port / protocol is needed for this check?

check_xi_service_mrtgtraf!xxx.xxx.xxx.xxx.rrd!500,500!800,800!M!!!!

Re: Comm issue behind firewall

Posted: Fri Aug 15, 2014 12:49 pm
by sreinhardt
These are SNMP get requests, which generally go over port 161 and use UDP. It is entirely possible that MRTG is not getting data returned, so it fills in zeros or NaNs, and the bandwidth check that looks at the MRTG RRDs is reporting 0 because of this. You can test SNMP connectivity with:

nmap -sU -p 161 [hostname\ip]

Re: Comm issue behind firewall

Posted: Fri Aug 15, 2014 2:48 pm
by btemple
Thank you, I will troubleshoot further and get back.

Re: Comm issue behind firewall

Posted: Fri Aug 15, 2014 2:51 pm
by btemple
Nmap results look good.

Re: Comm issue behind firewall

Posted: Fri Aug 15, 2014 3:21 pm
by abrist
Is the community correct? Can you walk the host?

snmpwalk -c <community> -v1 <ip of remote host>
or:

snmpwalk -c <community> -v2c <ip of remote host>

Re: Comm issue behind firewall

Posted: Fri Aug 15, 2014 5:12 pm
by dfmco
What type of firewall is this? I know for a fact that bandwidth on a Cisco ASA uses a different OID than the router/switch. Can you do an SNMP get to see if the OID you are using is providing a value?
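
An added example, not part of any post in this thread: a small shell helper that sorts an snmpget reply into the cases raised above (no reply at all, agent answers but does not serve the OID, counter present but reading zero) and computes the change between two Counter32 polls. The ifInOctets OID, the function names and the sample replies used to exercise it are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the thread. Function names are hypothetical.

# classify_snmp_reply TEXT: print what a net-snmp snmpget reply tells you.
classify_snmp_reply() {
  csr_reply=$1
  case $csr_reply in
    *"Timeout: No Response"*)
      echo timeout ;;        # nothing came back: firewall/ACL drop or wrong community
    *"No Such Object"*|*"No Such Instance"*|*noSuchName*)
      echo no_such_oid ;;    # agent answered, but does not serve this OID/index
    *"= Counter32: "*|*"= Counter64: "*)
      csr_value=${csr_reply##*: }
      case $csr_value in
        ''|*[!0-9]*) echo unknown ;;
        0)           echo zero_counter ;;  # reachable, counter exists but reads 0
        *)           echo counter ;;       # reachable and counting
      esac ;;
    *) echo unknown ;;
  esac
}

# counter32_delta OLD NEW: octets between two polls of a Counter32,
# allowing for a single wrap at 2^32.
counter32_delta() {
  if [ "$2" -ge "$1" ]; then
    echo $(( $2 - $1 ))
  else
    echo $(( 4294967296 - $1 + $2 ))
  fi
}

# probe HOST COMMUNITY IFINDEX: live check using net-snmp's snmpget.
# 1.3.6.1.2.1.2.2.1.10 is IF-MIB ifInOctets (an assumption here);
# substitute the OID your MRTG configuration actually polls.
probe() {
  probe_reply=$(snmpget -v2c -c "$2" -t 2 -r 1 "$1" "1.3.6.1.2.1.2.2.1.10.$3" 2>&1) || true
  classify_snmp_reply "$probe_reply"
}
```

Run `probe` from the monitoring server itself, so the request crosses the same firewall path that MRTG uses.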

Re: Comm issue behind firewall

Posted: Fri Aug 22, 2014 8:53 am
by tmcdonald
btemple, did you get a chance to look at abrist or dfmco's answers?