Hi-- I'm using Zabbix to monitor my environment-- including Sophos UTM where possible.
One thing I don't seem to see is a way to monitor the status of ipsec site-to-site vpns using snmp traps. I can get either a [WARN-726] (a site is down) or a [INFO-726] (a site came up)... but I don't seem to get info on WHICH tunnel.
Since I currently have 35 site-to-site vpns running through this thing "the vpn is down" isn't a very helpful alert.
By contrast, if I have email alerts for the same event turned on, I get something like:
VPN connection '###name of site removed###' [IPsec] using Site-to-Site is up again.
Have yall tried using queries instead of traps to the ifTable OID: 184.108.40.206.220.127.116.11?
It has both ifAdminStatus and IfOperStatus that you can use to determine status of tun interfaces (or any interface) as well as the ifDescr OID to describe which one. You can also use ifOutOctets, ifInOctets to monitor traffic for the ones that are overutilized. The combo of all four will give you fairly good operational monitoring. Not certain if that's what yall are looking for though.
+1 on this. It's hard to believe that this request is over four years old and hasn't been implemented yet
Thorsten Jelonnek commented
Any update on this?
additional an alert via e-mail would be nice