zabbix_export: version: '5.4' date: '2021-11-21T21:35:11Z' groups: - uuid: cdce88f4196c45bfa225b57ddba7445e name: 'Halley template' templates: - uuid: 70bea07f3fbf4af0bf65b40690311461 template: 'Halley Firewall Watchguard M400' name: 'Halley Firewall Watchguard M400' description: | ## Overview Template for monitoring Firebox Watchuard M400 Firewall with explanations and advices. The mibs are there: The content of template: 6 Applications: CPU, Disk Partitions, General, Interfaces, Memory, Traffic rules 10 SNMPv2 and calculated items Cached memory, Swap used space, Free physical memory in%, Total physical memory, ping check, Device localtion, uptime, description, name 4 LLD rules for: a) Access rules - taken from template M300 on share.zabbix.com (thanks) to discover traffic on access rules with graph b) Disk partitions - with filter in post processing to discover (/var, /boot, /, and /tmp) - total and used space c) Network interfaces - discover incoming/outgoing traffic, operational state and inbound/outbound errors on interface (need to enable) + trigger and graph. To not discover no need interface like virtual or loopback create in Administration->General-> Regular expressions a rule to not allow per example virtual interfaces: (?!)Virtual -result FALSE d) Processors - discover and monitor with trigger the load on processors ## Author Ticau Tudor groups: - name: 'Halley template' items: - uuid: 7bdbed492d974364a271f059b27123b9 name: 'Free physical memory in %' type: CALCULATED key: hrStorageFree.1 delay: '30' history: 1w value_type: FLOAT units: '%' params: '(last(//hrStorageUsed.1)/last(//hrStorageSize.1))*100' description: 'Free physical memory in percentage. The memory on this device is an CF card' tags: - tag: Application value: Memory triggers: - uuid: 71ca0e745f984120b5640035c9b5b82d expression: 'last(/Halley Firewall Watchguard M400/hrStorageFree.1)<10' name: 'Lack of available memory on {HOST.NAME}' priority: AVERAGE manual_close: 'YES' tags: - tag: Value value: '{ITEM.VALUE}' - uuid: fd9037901dad45a985c8a142cf6c9bb5 name: 'Total physical memory' type: SNMP_AGENT snmp_oid: 'HOST-RESOURCES-MIB::hrStorageSize.1' key: hrStorageSize.1 delay: '30' history: 1w units: B description: 'Total physical memory. The memory on this device is an CF card' preprocessing: - type: MULTIPLIER parameters: - '1024' tags: - tag: Application value: Memory - uuid: bf627a3cf6d740669ca0c6027f68f1bf name: 'Used physical memory' type: SNMP_AGENT snmp_oid: 'HOST-RESOURCES-MIB::hrStorageUsed.1' key: hrStorageUsed.1 delay: '30' history: 1w units: B description: 'Used physical memory. The memory on this device is an CF card' preprocessing: - type: MULTIPLIER parameters: - '1024' tags: - tag: Application value: Memory - uuid: edf00c5463034ba1a20896f1ea9989be name: 'Cached memory' type: SNMP_AGENT snmp_oid: 'HOST-RESOURCES-MIB::hrStorageUsed.7' key: hrStorageUsed.7 delay: '30' history: 1w units: B description: 'Cached memory. The memory on this device is an CF card' preprocessing: - type: MULTIPLIER parameters: - '1024' tags: - tag: Application value: Memory - uuid: 703c2d7d828641b7b89c2bfb46209be0 name: 'Swap used space' type: SNMP_AGENT snmp_oid: 'HOST-RESOURCES-MIB::hrStorageUsed.10' key: hrStorageUsed.10 delay: '30' history: 1w units: B description: 'Swap used space. The memory on this device is an CF card' preprocessing: - type: MULTIPLIER parameters: - '1024' tags: - tag: Application value: Memory - uuid: 0a7d17d617f849748f83fcf2521f54b5 name: 'Device description' type: SNMP_AGENT snmp_oid: 'SNMPv2-MIB::sysDescr.0' key: sysDescr delay: '30' history: 1w trends: '0' value_type: CHAR description: 'A textual description of the entity. This value should include the full name and version identification of the system''s hardware type, software operating-system, and networking software.' inventory_link: HARDWARE tags: - tag: Application value: General - uuid: 529287f4ce164be1be0a1eabead176a5 name: 'Device location' type: SNMP_AGENT snmp_oid: 'SNMPv2-MIB::sysLocation.0' key: sysLocation delay: '30' history: 1w trends: '0' value_type: CHAR description: 'The physical location of this node (e.g., `telephone closet, 3rd floor''). If the location is unknown, the value is the zero-length string.' inventory_link: LOCATION tags: - tag: Application value: General - uuid: 5f9f37467ceb4deba44592bed7bff233 name: 'Device name' type: SNMP_AGENT snmp_oid: 'SNMPv2-MIB::sysName.0' key: sysName delay: '30' history: 1w trends: '0' value_type: CHAR description: 'An administratively-assigned name for this managed node. By convention, this is the node''s fully-qualified domain name. If the name is unknown, the value is the zero-length string.' inventory_link: NAME tags: - tag: Application value: General - uuid: 9c8abfbb322b44a68a44db5b1983d673 name: 'Device uptime' type: SNMP_AGENT snmp_oid: 'SNMPv2-MIB::sysUpTime.0' key: sysUpTime delay: '30' history: 1w units: uptime description: 'The time since the network management portion of the system was last re-initialized.' preprocessing: - type: MULTIPLIER parameters: - '0.01' tags: - tag: Application value: General discovery_rules: - uuid: d08266c54b8340dfbe79b7fc198e7135 name: Processors type: SNMP_AGENT snmp_oid: 'discovery[{#SNMPVALUE},HOST-RESOURCES-MIB::hrProcessorLoad]' key: hrProcessorLoad delay: 1d description: 'Discover the processors of the firewall device' item_prototypes: - uuid: e94a619629574606acd0a5e9ac169060 name: 'Processor $1 type' type: SNMP_AGENT snmp_oid: 'HOST-RESOURCES-MIB::hrDeviceDescr.{#SNMPINDEX}' key: 'hrDeviceDescr[{#SNMPINDEX}]' trends: '0' value_type: CHAR description: 'Processor type' tags: - tag: Application value: CPU - uuid: a14697b5314449cba012621e3233ccbb name: 'Utilization of processor $1' type: SNMP_AGENT snmp_oid: 'HOST-RESOURCES-MIB::hrProcessorLoad.{#SNMPINDEX}' key: 'hrProcessorLoad[{#SNMPINDEX}]' units: '%' description: 'The average, over the last minute, of the percentage of time that this processor was not idle. Implementations may approximate this one minute smoothing period if necessary.' tags: - tag: Application value: CPU trigger_prototypes: - uuid: 09f704b658ec46ba8787211659adc66c expression: 'last(/Halley Firewall Watchguard M400/hrProcessorLoad[{#SNMPINDEX}],#1:now-300s)>70' name: 'Utilization of processor {#SNMPINDEX} over 70%' priority: AVERAGE description: 'CPU on {HOST.NAME} is over 70%' manual_close: 'YES' tags: - tag: Value value: '{ITEM.VALUE}' graph_prototypes: - uuid: e108e4fbf3074c6fb907630bf1a4a090 name: 'Utilization of processor {#SNMPINDEX}' graph_items: - color: 1A7C11 item: host: 'Halley Firewall Watchguard M400' key: 'hrProcessorLoad[{#SNMPINDEX}]' - uuid: 3f3c02c19a6f422f8e542988d0a49cc7 name: 'Disk partitions' type: SNMP_AGENT snmp_oid: 'discovery[{#SNMPVALUE},HOST-RESOURCES-MIB::hrStorageDescr]' key: hrStorageDescr delay: 1d filter: conditions: - macro: '{#SNMPVALUE}' value: ^(/var|/|/boot|/tmp)$ formulaid: A description: | The rule will discover all disk partitions matching the global regexp "Storage devices for SNMP discovery". {$SNMP_COMMUNITY} is a global macro. item_prototypes: - uuid: 9ee5bab46a4e4ead913110ab4ff1bbf5 name: 'Description of storage $1' type: SNMP_AGENT snmp_oid: 'HOST-RESOURCES-MIB::hrStorageDescr.{#SNMPINDEX}' key: 'hrStorageDescr[{#SNMPVALUE}]' delay: 30s trends: '0' value_type: CHAR description: 'A description of the type and instance of the storage described by this entry.' tags: - tag: Application value: 'Disk partitions' - uuid: d922bb9b39e342ddbf5a515fb89fac07 name: 'Total disk space on $1' type: SNMP_AGENT snmp_oid: 'HOST-RESOURCES-MIB::hrStorageSize.{#SNMPINDEX}' key: 'hrStorageSize[{#SNMPVALUE}]' delay: 30s units: B description: 'total disk space in bytes.' preprocessing: - type: MULTIPLIER parameters: - '10240' tags: - tag: Application value: 'Disk partitions' - uuid: 1d90884e06d040d1924a511e2deae73d name: 'Used disk space on $1' type: SNMP_AGENT snmp_oid: 'HOST-RESOURCES-MIB::hrStorageUsed.{#SNMPINDEX}' key: 'hrStorageUsed[{#SNMPVALUE}]' delay: 30s units: B description: 'Used disk space in bytes.' preprocessing: - type: MULTIPLIER parameters: - '10240' tags: - tag: Application value: 'Disk partitions' trigger_prototypes: - uuid: fc92586b426f452fb52d1651869c3333 expression: 'last(/Halley Firewall Watchguard M400/hrStorageUsed[{#SNMPVALUE}]) / last(/Halley Firewall Watchguard M400/hrStorageSize[{#SNMPVALUE}]) > 0.8' name: 'Free disk space is less than 20% on volume {#SNMPVALUE}' priority: WARNING graph_prototypes: - uuid: 937ac52180a942408ab3fc921532ce33 name: 'Disk space usage {#SNMPVALUE}' width: '600' height: '340' yaxismax: '0' show_work_period: 'NO' show_triggers: 'NO' type: PIE show_3d: 'YES' graph_items: - color: 1A7C11 item: host: 'Halley Firewall Watchguard M400' key: 'hrStorageSize[{#SNMPVALUE}]' - sortorder: '1' color: F63100 item: host: 'Halley Firewall Watchguard M400' key: 'hrStorageUsed[{#SNMPVALUE}]' - uuid: f8eb87a0bc504089a278632afb744a6f name: 'Network interfaces' type: SNMP_AGENT snmp_oid: 'discovery[{#SNMPVALUE},IF-MIB::ifDescr]' key: ifDescr delay: 1d description: | You may also consider using IF-MIB::ifType or IF-MIB::ifAlias for discovery depending on your filtering needs. {$SNMP_COMMUNITY} is a global macro. item_prototypes: - uuid: 1e72c4300d864dfb84381a8c1edb069d name: 'Inbound errors on interface $1' type: SNMP_AGENT snmp_oid: 'IF-MIB::ifInErrors.{#SNMPINDEX}' key: 'ifInErrors[{#SNMPVALUE}]' status: DISABLED description: 'For packet-oriented interfaces, the number of inbound packets that contained errors preventing them from being deliverable to a higher-layer protocol. For character-oriented or fixed-length interfaces, the number of inbound transmission units that contained errors preventing them from being deliverable to a higher-layer protocol.' preprocessing: - type: CHANGE_PER_SECOND parameters: - '' tags: - tag: Application value: Interfaces - uuid: 2b9d96f7cffc4b06a50f264788a3542c name: 'Incoming traffic on interface $1' type: SNMP_AGENT snmp_oid: 'IF-MIB::ifInOctets.{#SNMPINDEX}' key: 'ifInOctets[{#SNMPVALUE}]' delay: 30s units: Bps description: 'The number of octets in valid MAC frames received on this interface in 1 second, including the MAC header and FCS.' preprocessing: - type: CHANGE_PER_SECOND parameters: - '' - type: MULTIPLIER parameters: - '8' tags: - tag: Application value: Interfaces - uuid: f750d8e05ca54716ad71706ddceade1e name: 'Operational status of interface $1' type: SNMP_AGENT snmp_oid: 'IF-MIB::ifOperStatus.{#SNMPINDEX}' key: 'ifOperStatus[{#SNMPVALUE}]' description: 'The current operational state of the interface.' tags: - tag: Application value: Interfaces trigger_prototypes: - uuid: 9ce65072570a4ddf823a63e1ccd86295 expression: '(last(/Halley Firewall Watchguard M400/ifOperStatus[{#SNMPVALUE}],#1)<>last(/Halley Firewall Watchguard M400/ifOperStatus[{#SNMPVALUE}],#2))=1' name: 'Operational status was changed on {HOST.NAME} interface {#SNMPVALUE}' priority: INFO manual_close: 'YES' - uuid: 7d1ebdc1c66e45a4b6a8db1bb4b2be1c name: 'Outbound errors on interface $1' type: SNMP_AGENT snmp_oid: 'IF-MIB::ifOutErrors.{#SNMPINDEX}' key: 'ifOutErrors[{#SNMPVALUE}]' status: DISABLED description: 'For packet-oriented interfaces, the number of outbound packets that could not be transmitted because of errors. For character-oriented or fixed-length interfaces, the number of outbound transmission units that could not be transmitted because of errors.' preprocessing: - type: CHANGE_PER_SECOND parameters: - '' tags: - tag: Application value: Interfaces - uuid: a460f11b55cf4d21a102846183d4656e name: 'Outgoing traffic on interface $1' type: SNMP_AGENT snmp_oid: 'IF-MIB::ifOutOctets.{#SNMPINDEX}' key: 'ifOutOctets[{#SNMPVALUE}]' units: Bps description: 'The number of octets transmitted in MAC frames on this interface per second , including the MAC header and FCS.' preprocessing: - type: CHANGE_PER_SECOND parameters: - '' - type: MULTIPLIER parameters: - '8' tags: - tag: Application value: Interfaces graph_prototypes: - uuid: 441c90eb2707495a8fffb78efc4bdba5 name: 'Traffic on interface {#SNMPVALUE}' graph_items: - color: 1A7C11 item: host: 'Halley Firewall Watchguard M400' key: 'ifInOctets[{#SNMPVALUE}]' - sortorder: '1' color: F63100 item: host: 'Halley Firewall Watchguard M400' key: 'ifOutOctets[{#SNMPVALUE}]' - uuid: e0b97e713d584e71a69810ed8b730e98 name: 'Access Rules' type: SNMP_AGENT snmp_oid: 'discovery[{#SNMPVALUE},.enterprises.3097.4.2.2.1.2]' key: 'rule[{#SNMPVALUE}]' delay: 1d description: 'https://www.watchguard.com/help/docs/fireware/11/en-US/Content/en-US/basicadmin/snmp_mibs_details_c.html' item_prototypes: - uuid: 3d9038fa5b7642d5aefd76f5755771e7 name: 'Traffic on {#SNMPVALUE}' type: SNMP_AGENT snmp_oid: '.enterprises.3097.4.2.2.1.3.{#SNMPINDEX}' key: 'Traffic[{#SNMPVALUE}]' units: Bps preprocessing: - type: CHANGE_PER_SECOND parameters: - '' - type: MULTIPLIER parameters: - '8' tags: - tag: Application value: 'Traffic rules' graph_prototypes: - uuid: 91a85d45a7794e7eae7b879eecf02687 name: 'Traffic on {#SNMPVALUE}' graph_items: - color: 1A7C11 item: host: 'Halley Firewall Watchguard M400' key: 'Traffic[{#SNMPVALUE}]' macros: - macro: '{$SNMP_COMMUNITY}' value: MonitorZabbix graphs: - uuid: e1a99ef4814a469ea3158182818fd934 name: 'Memory Usage' graph_items: - color: 1A7C11 item: host: 'Halley Firewall Watchguard M400' key: hrStorageSize.1 - sortorder: '1' color: F63100 item: host: 'Halley Firewall Watchguard M400' key: hrStorageUsed.1 - uuid: 8a41f2e9e148476bad4acd9ba12f170d name: 'Swap used space' graph_items: - color: 1A7C11 item: host: 'Halley Firewall Watchguard M400' key: hrStorageUsed.10