The new modular architecture of the Check Point base and all certified products can now be monitored to a greater extent. It is easy to notice the effects in the new SmartView Status: pane-based tabular screen organization, adjustable window sizes for panes, search functions, collapsible menus, and all-new interface gizmos are used in the new GUI. A new Disconnect Client feature has also been added to the interface.
What’s New in SmartView Status?
More status data is available in NG.You can access real status details such as virtual private network (VPN) statistics from the SmartView Status interface. The good news is that all information is accessible through CLI, so system administrators can integrate in-house monitoring systems with Check Point status data. System alerts are more useful with NG since SVN foundation monitors the critical resources of the systems beneath the VPN-1/FireWall-1 firewall.
The Panes
There are two main tabular screens in SmartView Tracker: System Status and System Alert. System Status, with its three panes, is very useful for gathering real-time availability data in a hierarchical view. On the other hand, Systems Alert helps administrators set predefined alert thresholds for various cases. Let’s look at each screen in more detail.
System Status
System Status has three synchronized panes (see Figure 2.14).The heart of the status-monitoring system is the top-left Modules pane.This pane has the hierarchical brief information of all the products installed. On a tree-based view, it is possible to monitor time-stamped status and IP addresses of all Check Point products. Each product is listed under its parent product.The hierarchy is as follows: Network Objects | Members | Products installed on the members. When any of the products or subcomponents is highlighted, the left Details pane displays all known status details. All problematic modules are relisted in the bottom Critical Notifications pane so that you can isolate the problems. All views are synchronized, so if you choose one product in the Critical Notifications pane, the contents of the other two panes change dynamically, or vice versa.
Figure 2.14 SmartView System Status
Tools & Traps…
Status Information from the Command Line
Check Point NG applications are monitored through the AMON protocol (TCP 18192). This makes it easy to troubleshoot data-gathering problems in SmartView Status. The cpstat command returns the same information that you see on the Details pane. The syntax of the cpstat command is as follows:
The entity and available flavors for FP3 are listed in Table 2.3. Table 2.3 cpstat Command Options
|
Entity |
Available Flavors |
|
fw |
default, all,policy,performance,hmem, kmem, inspect, cookies, chains, fragments, totals, ufp_caching, http_stat, ftp_stat, telnet_stat, rlogin_stat, ufp_stat, smtp_stat |
|
vpn |
product, general, IKE, ipsec, fwz, accelerator, all |
|
ha |
default, all |
|
mg |
default |
|
os |
default, routing |
|
fg |
all |
System Alert
The second screen of SmartView Status (see Figure 2.15) allows administrators to define threshold values and possible counteractions. As of NF FP3, only FireWall-1, FloodGate-1, SmartCenter Server, and SVN Foundation support system alerts.The screen is divided into two panes: Modules and Alert Definition. There are three system alert definition options for each component.These options can be checked under the General tab of the Alert Definition pane:
■ Global Description pane is grayed out. The Global entries of the System Alert menu are valid.
■ Custom The description can be defined through the Alert Definition pane.
■ None No alerts are applied for the given network object.
Figure 2.15 The System Alert Tab
The predefined alert triggers per product are listed in Table 2.4. Alert actions are the same as those for SmartDashboard.
Table 2.4 Alert Triggers
|
Product Name |
Alert Triggers |
|
SVN Foundation |
No Connection, Max. CPU Usage, Min Free Disk Space |
|
FireWall-1 |
No Policy Installed, Policy Name Change, Policy Installed |
|
FloodGate-1 |
No Policy Installed, Policy Name Change, Policy Installed |
|
SmartCenter |
Not Synchronized (for ClusterXL) |
Changes in the Menu and the Toolbar
The four-item menu of 4.x is gone.The overpopulated View menu of the 4.x Status Manager is enhanced in FP3 by four new root-level menus: Modules, Products, System Alert, and Tools. The new locations of the previous View menu functions are:
■ Removed menu items Show/Hide Objects, Icons View, Compression Details.
■ Transferred to toolbar Automatic Update as Active Update, Alerts (pop-up).
■ Transferred to Products menu VPN Details, FloodGate Details, HA Module Details.
■ Transferred to Modules Update Status as Update Selected.
■ Transferred to System Alert Options and Global.
■ Existing Menu Items Toolbar and Status Bar of View Menu, File Menu, Window, and Help menus.
Highlights of SmartView Status
There are small but useful additions to the SmartView Status interface besides basic status and alert functionality.These additions include displaying and disconnecting clients or auto reconnect.
Disconnecting a Client
No more "read only" messages for the mighty firewall administrators. The Disconnect Client tool (see Figure 2.16) displays all current GUI connections with the host as well as client name and database status information. In addition, if you have the proper permissions, you can choose the session and click the Disconnect button to guarantee your next read/write access session.
Figure 2.16 Disconnect Clients
Other Fancy Features
The following features are also integrated the SmartView Status interface:
■ Auto Reconnect If the connection is lost, SmartView Status tries reconnect in 15-second intervals.
■ System Alert Monitoring Mechanism With Start and Stop buttons, you can emulate alert actions.
■ Find Text-based search in the SmartView Status GUI.
■ Active Update Updates the status dynamically.
