Juniper Networks - Pulse Secure


Juniper Networks
SNMP Monitoring Guide

Applicable for:
Secure Access Service
MAG Series Junos Pulse Gateway
Access Control Service

Juniper Networks, Inc.
1194 North Mathilda Avenue
Sunnyvale, California 94089
408-745-2000
www.juniper.net

Juniper Networks assumes no responsibility for any inaccuracies in this document. Juniper Networks reserves the right to change, modify, transfer, or otherwise revise this publication without notice.

Products made or sold by Juniper Networks or components thereof might be covered by one or more of the following patents that are owned by or licensed to Juniper Networks: U.S. Patent Nos. 5,473,599, 5,905,725, 5,909,440, 6,192,051, 6,333,650, 6,359,479, 6,406,312, 6,429,706, 6,459,579, 6,493,347, 6,538,518, 6,538,899, 6,552,918, 6,567,902, 6,578,186, and 6,590,785.

Juniper Networks SNMP Monitoring Guide
Copyright 2012, Juniper Networks, Inc. All rights reserved. Printed in USA.

SA-IC-MAG SNMP Monitoring Guide.pdf

Table of Contents
Juniper Networks SNMP Monitoring Guide
OVERVIEW
PROCEDURE
COMMON OBJECTS FOR SNMP MONITORING OF MAG/SA DEVICES

OVERVIEW

This document describes guidelines for SNMP monitoring of Secure Access devices’ health and stability. The MIB OIDs and functions in the tables provided are from the Juniper Networks MIB and UC Davis MIB.

Most objects explained in this document are also included in the Juniper SA/MAG/IC Software Administration Guide. The Juniper Networks MIB has all the necessary objects that can be used for monitoring most of the components, while the UCD MIB has a few useful objects and is added for information. The standard SNMPv2 MIB is also supported but not included in this document.

PROCEDURE

1. Download the Juniper Networks MIB from the device Admin UI SNMP page. This has most of the objects for MAG/SA SNMP monitoring (see NOTES below).
2. To monitor system statistics, such as memory utilization, load the UC-Davis MIB file into the SNMP manager application. You can obtain the MIB file -SNMP-MIB.txt
3. Install the MIBs to monitor your device and use the OIDs described in the tables shown later in this document.

NOTES

- The SNMPv2 standard MIB and the UC Davis MIB are supported, but most of the objects needed for monitoring stability are already available through the Juniper Networks MIB downloadable from the Admin UI SNMP page.
- Safe and critical values are essentially guides to assist in establishing some monitoring. Adjustments may be necessary depending on the configurations to be done on the devices, but most of the values are known best practice values and recommendations.

COMMON OBJECTS FOR SNMP MONITORING OF MAG/SA DEVICES

Below are most of the objects that can be used for monitoring the health of an SA or MAG system.

NOTE: A full list of objects can be found in the 7.3 admin guide (pages 903-907) located in /j-sa-sslvpn-7.3-adminguide.pdf

JUNIPER

Each entry below gives the table columns in this order: OID, description, TRAP/POLL, MORE INFORMATION.

OID: .2.0
Description: Number of signed-in web users
Trap/Poll: Y
More information: Monitors users connected and uses the web feature. Not critical in monitoring health: informational only.

OID: .1.3.6.1.4.1.12532.12.0
Description: Total number of users logged in to the SA node
Trap/Poll: Y
More information: Monitors the number of users in this node that are logged in. Not critical in monitoring health: informational only.

OID: .1.3.6.1.4.1.12532.13.0
Description: Total number of users logged in to the Cluster
Trap/Poll: Y
More information: Monitors the number of users in the cluster that are logged in. This number counts towards the user licenses. Not critical in monitoring health: informational only.

OID: .1.3.6.1.4.1.12532.251.6
Description: Maximum number of concurrent users signed in
Trap/Poll: Y
More information: Traps based on Admin UI settings (see Figure 1). Setting determined by the administrator. Critical trap to inform that the user license limit is reached.

OID: .1.3.6.1.4.1.12532.9.0
Description: The number of concurrent meeting users
Trap/Poll: Y
More information: Monitors the number of secure meeting users connected. This number counts towards Secure Meeting license, cannot be queried and accessed for notification only via trap. Not critical in monitoring health: informational.

OID: .1.3.6.1.4.1.12532.251.17
Description: Concurrent meeting count over license limit
Trap/Poll: Y
More information: Traps based on Admin UI settings (see Figure 1). Setting determined by the administrator. Critical trap to inform that the user license limit is reached.

MEMORY

OID: .1.3.6.1.4.1.12532.11.0
Description: The Memory Utilization of the IVE system
Trap/Poll: Y
More information: Depending on the load and features used:
  90% is normal.
  90-95% is high but not necessarily an issue. ACTION: Start monitoring swap.
  95-99% is very high but will not necessarily cause an immediate issue. ACTION: Start monitoring swap.

OID: .1.3.6.1.4.1.12532.251.21
Description: IVE memory utilization above threshold
Trap/Poll: Y
More information: Traps based on Admin UI settings (see Figure 1). See also above for safe usage.
  ACTIONS: Set the Memory trap setting in the UI to very high (95% to 99%), as Linux systems can use most of physical memory and this does not fully indicate issues. Start monitoring swap for usage when the trap starts to be generated. **SEE NOTES

OID: .1.3.6.1.4.1.12532.24.0
Description: The Swap Utilization of the IVE system
Trap/Poll: Y
More information: 0% is normally what swap usage should be. From 5% of swap usage, it needs monitoring.
  ACTION: If swap starts to be utilized, get logs. **SEE NOTES

OID: .1.3.6.1.4.1.12532.251.23
Description: IVE swap utilization above threshold
Trap/Poll: Y
More information: Same as above.
  ACTION: Recommended to set to 5%. When trapping starts, get logs. **SEE NOTES

CPU

OID: .1.3.6.1.4.1.12532.10.0
Description: The CPU Utilization of the IVE system
Trap/Poll: Y
More information: Depending on the load and features used:
  50% is usually normal.
  Above or steady at 80%, especially during peak times, may indicate a load issue.
  100% is abnormal and needs investigation.
  A sudden jump leading to 100% is not normal when it does not come down within a few minutes.
  CPU of 100% steady is not normal.
  ACTION: Check usage and throughputs from graphs and re-evaluate capacity. Get logs. **SEE NOTES

OID: .1.3.6.1.4.1.12532.251.22
Description: IVE CPU utilization above threshold
Trap/Poll: Y
More information: Traps based on Admin UI settings (see screenshot*). See above for CPU values. It is recommended not to set the CPU trap until the normal CPU usage is known.
  ACTION: If it is known, set the CPU trap to the default of 80% in the admin SNMP page. If it traps at 80% consistently, get logs. See Figure 1 and “NOTES ON LOGS” later in this document.

DISK

OID: .1.3.6.1.4.1.12532.25.0
Description: Percentage of disk space
Trap/Poll: Y
More information:
  80% is normal.
  80% and above needs close monitoring.
  90% and above is critical.
  ACTION: If disk space percentage starts to go over 80%, gather logs. See “NOTES ON LOGS” later in this document.

OID: .1.3.6.1.4.1.12532.251.18
Description: Disk space nearly full
Trap/Poll: Y
More information: Traps based on Admin UI settings (see Figure 1).
  ACTION: Recommended to set to 90%. If it continuously traps, start monitoring and gathering logs. See “NOTES ON LOGS” later in this document. Back up and delete logs immediately, delete all snapshots if seen. Clear out debuglogs if set to a high value, call Juniper Support for assistance.

OID: .1.3.6.1.4.1.12532.251.19
Description: Disk space full
Trap/Poll: Y
More information: Disk usage has gone to 100%. This is a critical issue as this will eventually crash the box.
  ACTION: Back up and delete logs immediately, delete all snapshots if seen. Clear out debuglogs if set to a high value, call Juniper Support for assistance. Getting more logs may not work because space is exhausted.

LOG

OID: .1.3.6.1.4.1.12532.1.0
Description: Percentage of log file full
Trap/Poll: Y
More information: This reading can help determine if archiving is needed or modified. Not critical in monitoring health: informational.

OID: .1.3.6.1.4.1.12532.251.4
Description: Log file nearly full
Trap/Poll: Y
More information: This reading can help determine if archiving is needed or modified. Not critical in monitoring health: informational.

OID: .1.3.6.1.4.1.12532.251.5
Description: Log file full
Trap/Poll: Y
More information: Log file has reached 100% and is full. Indication that log settings may need to be reviewed or archiving settings need to be modified. Not critical in monitoring health: informational only.

TEMPERATURE

OID: .1.3.6.1.4.1.12532.42.0
Description: The Temperature of MAG application blade
Trap/Poll: Y
More information: This is critical information for the stability of the chassis/blades.
  75 deg C is normal.
  From 70 deg C, monitor temperature closely as a precaution.
  75 deg C and above is not normal and will fire a trap.
  ACTION: Check admin UI temperature to confirm, check other blades as well, check fans and status of LEDs, get outputs from CMC CLI (if used) commands to get the status of each blade and alarms. Call Juniper support.

OID: .1.3.6.1.4.1.12532.251.35
Description: IVE Temperature is above threshold
Trap/Poll: Y
More information: This is a critical trap. Traps at 75 deg C.
  ACTION: Check admin UI temperature to confirm, check other blades as well, check fans and status of LEDs, get outputs from CMC CLI (if used) commands to get the status of each blade and alarms. Call

OID: .27
Description: The status of the power supplies has changed
Trap/Poll: Y
More information: This is a critical trap to know fan status, which is any of the following:
  "Both the power supplies are back up"
  "One of the power supplies has failed"
  ACTION: Investigate further and call Juniper support.

FANS

OID: .1.3.6.1.4.1.12532.251.26
Description: The status of the fans has changed
Trap/Poll: Y
More information: This is a critical trap to know fan status, which is any of the following:
  “Fan N is running above threshold (xyz RPM)”
  “Fan N is running below threshold (xyz RPM)”
  "Both the fans are back up"
  "Both the fans have failed"
  "One of the fans has failed"
  ACTION: Investigate further and call Juniper support.

HARD DRIVES

OID: .1.3.6.1.4.1.12532.251.28
Description: The status of the RAID has changed
Trap/Poll: Y
More information: This is a critical trap to know RAID status, which is any of the following:
  "The RAID status is OK"
  "The RAID status is recovering"
  "The RAID status is unknown"
  "The RAID status is failed"
  ACTION: Investigate further and call Juniper

Description: The Internal interface has gone down, reason is in nicEvent
Trap/Poll: Y
More information: This is a critical trap. ACTION: Investigate further.

Description: The Management interface has gone down, reason is in nicEvent
Trap/Poll: Y
More information: This is a critical trap. ACTION: Investigate further.

Description: The External interface has gone down, reason is in nicEvent
Trap/Poll: Y
More information: This is a critical trap. ACTION: Investigate further.

UC DAVIS

OID: .4.11.0
Description: Total Available Memory on the host
Trap/Poll: Y
More information: Compared to the Juniper MIB, this reads size in Bytes or Mbytes, so it needs to be converted to a percentage. Depending on the load and features used (% of total memory of system):
  90% is normal.
  90-95% is high but still fine. ACTION: Start monitoring swap.
  95-99% is very high but will not necessarily cause an immediate issue. ACTION: Start monitoring swap.

OID: .1.3.6.1.4.1.2021.4.4.0
Description: Available Swap Space on the host.
Trap/Poll: Y
More information: Compared to the Juniper MIB, this reads size in Bytes or Mbytes. Can be computed as a percentage, like the Juniper MIB:
  From 5% of swap usage, it needs monitoring.
  0% is normally what swap usage should be.
  ACTION: If swap starts to be utilized, get logs. See “NOTES ON LOGS” later in this document.

CRITICAL/MAJOR EVENTS

Monitoring “Critical” and “Major” events augments the polling and trapping values obtained from the available OIDs supported in the system. There are log messages that are important to monitor as well, and both “Critical” (Level 10) and “Major” (Level 8-9) are available for use in SNMP monitoring. The list of logs can be obtained from Juniper Networks Technical Support.

Some examples:

  eDown  10  internal NIC
  ceDown  10  external NIC
  Down  10  internal gateway '%1'
  GatewayDown  10  external gateway '%1'
  30431  SystemErrorMiscRestartProcesses  10  Watchdog restarting services (%1). Watchdog restarting %1 processes (%2).

The Critical Log events and Major Log events can be included in SNMP monitoring by checking the options in the SNMP page as shown in Figure 1.

Figure 1: Screenshot of SNMP Options

NOTES ON LOGS:

Logs needed at the minimum from the SA or IC devices or MAG blades:

- System snapshot (Troubleshooting System Snapshot (select to include debuglog and configs) Take snapshot)
- SA/MAG logs (Log/Monitoring Events logs Save all logs)
- Screenshot of the cockpit graph detailing issue time and readings without cropping (showing date information)
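The following is an added example (not part of the Juniper guide) that applies the guide's memory, swap and CPU guidance to a series of polled values: high memory alone only prompts a swap check, and CPU is flagged when it stays high rather than on a single spike. The one-minute poll interval, the five-poll reading of "few minutes", the severity names and the sample readings are assumptions.

```python
# OIDs from the guide's Juniper MIB table; the polled values are percentages.
MEM_OID = ".1.3.6.1.4.1.12532.11.0"
SWAP_OID = ".1.3.6.1.4.1.12532.24.0"
CPU_OID = ".1.3.6.1.4.1.12532.10.0"

# Assumption: one poll per minute, so "few minutes" is taken as 5 polls.
SUSTAIN_POLLS = 5


def longest_run(values, threshold):
    """Length of the longest run of consecutive values >= threshold."""
    best = run = 0
    for v in values:
        run = run + 1 if v >= threshold else 0
        best = max(best, run)
    return best


def evaluate(polls):
    """polls: time-ordered list of {oid: int}. Returns (severity, message) tuples."""
    findings = []
    mem = [p[MEM_OID] for p in polls]
    swap = [p[SWAP_OID] for p in polls]
    cpu = [p[CPU_OID] for p in polls]

    # Memory on its own is only a cue to look at swap (Linux uses most RAM).
    if max(mem) >= 90 and max(swap) == 0:
        findings.append(("info", "memory %d%%, swap unused: start monitoring swap" % max(mem)))
    if max(swap) >= 5:
        findings.append(("warn", "swap at %d%%: needs monitoring, get logs" % max(swap)))
    elif max(swap) > 0:
        findings.append(("watch", "swap in use (%d%%): get logs" % max(swap)))

    # A spike that comes back down is tolerated; a sustained plateau is not.
    if longest_run(cpu, 100) >= SUSTAIN_POLLS:
        findings.append(("critical", "CPU steady at 100%: investigate, get logs"))
    elif longest_run(cpu, 80) >= SUSTAIN_POLLS:
        findings.append(("warn", "CPU steady at or above 80%: check usage and capacity"))
    return findings


# Constructed sample: ten one-minute polls of (memory, swap, CPU).
SAMPLE = [dict(zip((MEM_OID, SWAP_OID, CPU_OID), row)) for row in [
    (88, 0, 40), (91, 0, 55), (93, 0, 100), (94, 0, 62), (96, 2, 83),
    (96, 3, 85), (97, 3, 88), (97, 4, 91), (97, 6, 86), (98, 6, 84)]]

if __name__ == "__main__":
    for severity, message in evaluate(SAMPLE):
        print(severity, message)
```

On the sample, the single 100% CPU reading is ignored, while the six consecutive readings at or above 80% and the swap growth to 6% are both reported.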
