# Stormshield SNS by SNMP ## Overview This template is designed for the effortless deployment of Stormshield monitoring by Zabbix via SNMP and doesn't require any external scripts. ## Requirements Zabbix version: 7.0 and higher. ## Tested versions This template has been tested on: - SNS 3100 HA v 5.0.0 ## Configuration > Zabbix should be configured according to the instructions in the [Templates out of the box](https://www.zabbix.com/documentation/7.4/manual/config/templates_out_of_the_box) section. ## Setup Refer to the vendor documentation. ## Macros used |Name|Description|Default| |----|-----------|-------| |{$SNMP_COMMUNITY}|

|`SI`|Text macro| |{$CPU.UTIL.CRIT}|

Threshold of CPU utilization for Critical trigger in %.

|`95`| |{$CPU.UTIL.WARN}|

Threshold of CPU utilization for Warning trigger in %.

|`85`| |{$DISK.FREE.CRIT}|

Threshold of disk free space for Critical trigger in %.

|`10`| |{$DISK.FREE.WARN}|

Threshold of disk free space for Warning trigger in %.

|`20`| |{$ICMP_LOSS_WARN}|

Threshold of ICMP packet loss for Warning trigger in %.

|`20`| |{$ICMP_RESPONSE_TIME_WARN}|

Threshold of average ICMP response time for Warning trigger in seconds.

|`0.15`| |{$MEMORY.UTIL.MAX}|

Threshold of memory utilization for trigger in %.

|`90`| |{$NET.IF.IFNAME.NOT_MATCHES}|

Usefull to exclude the sslvpn and ipsec interfaces from the network discovery.

|`^(sslvpn\|ipsec)`| |{$SNMP.TIMEOUT}|

The time interval for SNMP availability trigger.

|`5m`| ## Items collected |Name|Description|Type|Key and additional info| |----|-----------|----|----| |VPN : Number of incoming policies|MIB : STORMSHIELD-IPSEC-STATS-MIB
Number of incoming security policies

|`SNMP agent`|ipsec.policies.in[snsIPSECStatsSPDIn.0]

| |ICMP response time|ICMP ping response time (in seconds).

|`Simple check`|icmppingsec

| |ICMP loss|Percentage of lost packets.

|`Simple check`|icmppingloss

| |ICMP ping|Host accessibility by ICMP.
0 - ICMP ping failed.
1 - ICMP ping successful.

|`Simple check`|icmpping

| |Used memory in /log|MIB : HOST-RESOURCES-MIB
Used memory in the log file in bytes.

|`SNMP agent`|host.storage.used[hrStorageUsedlog.{#SNMPINDEX}]

**Preprocessing**

Custom multiplier: `4096`| |Used memory in /data|MIB : HOST-RESOURCES-MIB
Used memory in the data file in bytes.
|`SNMP agent`|host.storage.used[hrStorageUseddata.{#SNMPINDEX}]
**Preprocessing**
- Custom multiplier: `4096`| |Memory in /log|MIB : HOST-RESOURCES-MIB
  Total memory in the log file in bytes.
  |`SNMP agent`|host.storage.size[hrStorageSizelog.{#SNMPINDEX}]
  **Preprocessing**
  - Custom multiplier: `4096`| |Memory in /data|MIB : HOST-RESOURCES-MIB
    Total memory in the data file in bytes.
    |`SNMP agent`|host.storage.size[hrStorageSizedata.{#SNMPINDEX}]
    **Preprocessing**
    - Custom multiplier: `4096`| |Memory utilization /log|Memory utilization in % for /log.
      |`Calculated`|host.host.memory.utilization_log
      | |Memory utilization /data|Memory utilization in % for /data.
      |`Calculated`|host.host.memory.utilization_data
      | |Memory utilization|Memory utilization in %.
      |`Calculated`|host.memory.utilization
      | |Used memory|Used memory in bytes.
      |`Calculated`|host.memory.used
      | |Total memory|MIB : ucdavis MIB
      Total physical memory (RAM) installed in bytes.
      |`SNMP agent`|host.memory.total[memTotalReal.0]
      **Preprocessing**
      - Custom multiplier: `1000`| |Free memory|MIB : ucdavis MIB
        Free memory in bytes.
        |`SNMP agent`|host.memory.free[memAvailReal.0]
        **Preprocessing**
        Custom multiplier: `1000`| |Cached memory|MIB : ucdavis MIB
        Cached memory in bytes.
        |`SNMP agent`|host.memory.cached[memCached.0]
        **Preprocessing**
        Custom multiplier: `1000`| |SNMP walk Health|Used for discovering Health status from the Stormshield MIB
        |`SNMP agent`|health.walk
        | |HA synchronisation status|MIB : STORMSHIELD-HA-MIB
        Firewall configuration synchronization status
        (1: Synced, 0: Not synced, -1: Unknown / Error)
        |`SNMP agent`|ha.sync.status[snsHASyncStatus.0]
        | |HA number of firewalls not replying|MIB : STORMSHIELD-HA-MIB
        Number of firewalls registered in the HA cluster but not replying
        |`SNMP agent`|ha.node.dead[snsNbDeadNode.0]
        | |HA number of firewalls in the cluster|MIB : STORMSHIELD-HA-MIB
        Number of firewalls in the HA cluster
        |`SNMP agent`|ha.node.count[snsNbNode.0]
        | |HA number of active firewalls|MIB : STORMSHIELD-HA-MIB
        Number of active firewalls
        |`SNMP agent`|ha.node.active[snsNbActiveNode.0]
        | |SNMP walk HA members|Used for discovering HA members from the Stormshield MIB
        |`SNMP agent`|ha.members.walk
        | |HA number of faulty HA links|MIB : STORMSHIELD-HA-MIB
        Number of faulty HA links
        |`SNMP agent`|ha.links.faulty[snsNbFaultyHALinks.0]
        | |SNMP walk CPU usage|Used for discovering CPU usage from the HOST-RESOURCES-MIB
        |`SNMP agent`|cpu.usage.walk
        | |SNMP walk CPU temperature|Used for discovering CPU temperature from the Stormshield MIB
        |`SNMP agent`|cpu.temperature.walk
        | |SNMP walk auto-update|Used for discovering updates from the Stormshield MIB
        |`SNMP agent`|auto-update.walk
        | |Buffer memory|MIB : ucdavis MIB
        Buffer memory in bytes.
        |`SNMP agent`|host.memory.buffer[memBuffer.0]
        **Preprocessing**
        Custom multiplier: `1000`| |SNMP agent availability|Availability of SNMP checks on the host. The value of this item corresponds to availability icons in the host list.
        Possible values:
        0 - not available
        1 - available
        2 - unknown
        |`Zabbix internal`|zabbix[host,snmp,available]
        | |Available memory|Available memory in bytes.
        Available = Free + Cached + Buffer
        |`Calculated`|host.memory.available
        | |VPN : Number of mature vpn tunnels|MIB : STORMSHIELD-IPSEC-STATS-MIB
        Number of established security associations
        |`SNMP agent`|vpn.tunnel.mature[snsIPSECStatsSADMature.0]
        | |VPN : Number of dying vpn tunnels|MIB : STORMSHIELD-IPSEC-STATS-MIB
        Number of security associations at end of life
        |`SNMP agent`|vpn.tunnel.dying[snsIPSECStatsSADDying.0]
        | |VPN : Number of dead vpn tunnels|MIB : STORMSHIELD-IPSEC-STATS-MIB
        Number of dead security associations
        |`SNMP agent`|vpn.tunnel.dead[snsIPSECStatsSADDead.0]
        | |SNMP walk power supply|Used for discovering the power supply from the Stormshield MIB
        |`SNMP agent`|system.power.walk
        | |User memory|MIB : STORMSHIELD-SYSTEM-MONITOR-MIB
        User-space memory utilization percentage
        Warning : This OID might not be functionnal for SNS versions lower than 5.0
        |`SNMP agent`|system.memory.user[snsMemUser.0]
        | |System memory|MIB : STORMSHIELD-SYSTEM-MONITOR-MIB
        Current memory utilization percentage
        Warning : This OID might not be functionnal for SNS versions lower than 5.0
        |`SNMP agent`|system.memory.system[snsMemSystem.0]
        | |Socket memory|MIB : STORMSHIELD-SYSTEM-MONITOR-MIB
        Socket memory utilization percentage
        Warning : This OID might not be functionnal for SNS versions lower than 5.0
        |`SNMP agent`|system.memory.mbuf[snsMemMbuf.0]
        | |ICMP memory|MIB : STORMSHIELD-SYSTEM-MONITOR-MIB
        Utilization percentage of ICMP memory
        Warning : This OID might not be functionnal for SNS versions lower than 5.0
        |`SNMP agent`|system.memory.icmp[snsMemIcmp.0]
        | |Protected Host memory|MIB : STORMSHIELD-SYSTEM-MONITOR-MIB
        Utilization percentage of protected host memory
        Warning : This OID might not be functionnal for SNS versions lower than 5.0
        |`SNMP agent`|system.memory.host[snsMemHost.0]
        | |Fragment memory|MIB : STORMSHIELD-SYSTEM-MONITOR-MIB
        Utilization percentage of fragment memory
        Warning : This OID might not be functionnal for SNS versions lower than 5.0
        |`SNMP agent`|system.memory.frag[snsMemFrag.0]
        | |Etherstate connections memory|MIB : STORMSHIELD-SYSTEM-MONITOR-MIB
        Utilization percentage of etherstate connection memory
        Warning : This OID might not be functionnal for SNS versions lower than 5.0
        |`SNMP agent`|system.memory.ether[snsMemEther.0]
        | |Data tracking memory|MIB : STORMSHIELD-SYSTEM-MONITOR-MIB
        Utilization percentage of data tracking memory
        Warning : This OID might not be functionnal for SNS versions lower than 5.0
        |`SNMP agent`|system.memory.data_track[snsMemDataTrack.0]
        | |ASQ connections memory|MIB : STORMSHIELD-SYSTEM-MONITOR-MIB
        Utilization percentage of ASQ connection memory
        Warning : This OID might not be functionnal for SNS versions lower than 5.0
        |`SNMP agent`|system.memory.conn[snsMemConn.0]
        | |Number of current UDP connections|MIB : STORMSHIELD-ASQ-STATS-MIB
        Number of current UDP connections in the IPS
        |`SNMP agent`|asq.alarm.statefulludp[snsASQStatsStatefulUdpConn.{#SNMPINDEX}]
        | |Number of current TCP connections|MIB : STORMSHIELD-ASQ-STATS-MIB
        Number of current TCP connections in the IPS
        |`SNMP agent`|asq.alarm.statefulltcp[snsASQStatsStatefulTcpConn.{#SNMPINDEX}]
        | |Number of minor alarms|MIB : STORMSHIELD-ASQ-STATS-MIB
        Number of minor alarms reported by the IPS
        |`SNMP agent`|asq.alarm.statefull[snsASQStatsStatefulMinorAlarm.{#SNMPINDEX}]
        | |Number of major alarms|MIB : STORMSHIELD-ASQ-STATS-MIB
        Number of major alarms reported by the IPS
        |`SNMP agent`|asq.alarm.statefull[snsASQStatsStatefulMajorAlarm.{#SNMPINDEX}]
        | |VPN : Number of outgoing policies|MIB : STORMSHIELD-IPSEC-STATS-MIB
        Number of outgoing security policies
        |`SNMP agent`|ipsec.policies.out[snsIPSECStatsSPDOut.0]
        | |SNMP walk fan|Used for discovering fans from the Stormshield MIB
        |`SNMP agent`|system.fan.walk
        | |SNMP walk disk|Used for discovering disks from the Stormshield MIB
        |`SNMP agent`|system.disk.walk
        | |SNMP traps (fallback)|Used for collecting all SNMP traps unmatched by other `snmptrap` items.
        |`SNMP trap`|snmptrap.fallback
        | |Uptime in seconds|MIB : STORMSHIELD-SYSTEM-MONITOR-MIB
        Stormshield firewall uptime in seconds
        |`SNMP agent`|system.hardware.uptime_sec[snsUptime.0]
        **Preprocessing**
        Javascript| |Uptime|MIB : STORMSHIELD-SYSTEM-MONITOR-MIB
        Stormshield firewall uptime in day:hour:min:sec
        |`SNMP agent`|system.hardware.uptime_sec[snsUptime.0]
        | |Date|MIB : STORMSHIELD-SYSTEM-MONITOR-MIB
        Stormshield Firewall current date (%Y-%m-%d %T)
        |`SNMP agent`|system.date[snsDate.0]
        | |Version|MIB : MIB : STORMSHIELD-PROPERTY-MIB
        Stormshield Firewall version
        |`SNMP agent`|property.hardware.version[snsVersion.0]
        | |Serial Number|MIB : MIB : STORMSHIELD-PROPERTY-MIB
        Stormshield Firewall serial number
        |`SNMP agent`|property.hardware.serial[snsSerialNumber.0]
        | |System Node Name|MIB : MIB : STORMSHIELD-PROPERTY-MIB
        Firewall System Node Name
        |`SNMP agent`|property.hardware.node_name[snsSystemNodeName.0]
        | |System Name|MIB : MIB : STORMSHIELD-PROPERTY-MIB
        Stormshield Firewall system Name
        |`SNMP agent`|property.hardware.name[snsSystemName.0]
        | |Model|MIB : MIB : STORMSHIELD-PROPERTY-MIB
        Firewall model
        |`SNMP agent`|property.hardware.model[snsModel.0]
        | |Active filtering policy name|MIB : STORMSHIELD-POLICY-MIB
        Active filtering policy name
        |`SNMP agent`|policy.slotname[snsPolicySlotName]
        | |Active IPsec policy name|MIB : STORMSHIELD-POLICY-MIB
        Active IPsec policy name
        |`SNMP agent`|policy.ipsec[snsPolicySlotNameIPsec]
        | |SNMP walk network|Used for discovering network interfaces from the Stormshield MIB
        |`SNMP agent`|network.interface.walk
        | ### Triggers |Name|Description|Expression|Severity|Dependencies and additional info| |----|-----------|----------|--------|--------------------------------| |SNS: Device has been replaced|
        Device serial number has changed. Acknowledge to close the problem manually.
        |`last(/SNS by SNMP/property.hardware.serial[snsSerialNumber.0],#1)<>last(/SNS by SNMP/property.hardware.serial[snsSerialNumber.0],#2) and length(last(/SNS by SNMP/property.hardware.serial[snsSerialNumber.0]))>0`|Info|**Manual close**: Yes| |SNS: Device has been restarted|
        Uptime is less than 10 minutes.
        |`last(/SNS by SNMP/system.hardware.uptime_sec[snsUptime.0])<10m`|Info|**Manual close**: Yes| |SNS: System name has changed|
        The name of the system has changed. Acknowledge to close the problem manually.
        |`last(/SNS by SNMP/property.hardware.name[snsSystemName.0],#1)<>last(/SNS by SNMP/property.hardware.name[snsSystemName.0],#2) and length(last(/SNS by SNMP/property.hardware.name[snsSystemName.0]))>0`|Info|**Manual close**: Yes| |SNS: High ICMP ping loss|
        ICMP ping loss detected.
        |`min(/SNS by SNMP/icmppingloss,5m)>{$ICMP_LOSS_WARN} and min(/SNS by SNMP/icmppingloss,5m)<100`|Warning|**Depends on**:
        SNS: Unavailable by ICMP ping
        | |SNS: High ICMP ping response time|
        Average ICMP response time is too high.
        |`avg(/SNS by SNMP/icmppingsec,5m)>{$ICMP_RESPONSE_TIME_WARN}`|Warning|**Depends on**:
        SNS: Unavailable by ICMP ping
        SNS: High ICMP ping loss
        | |SNS: No SNMP data collection|
        SNMP is not available for polling. Please check device connectivity and SNMP settings.
        |`max(/SNS by SNMP/zabbix[host,snmp,available],{$SNMP.TIMEOUT})=0`|Warning|**Depends on**:
        SNS: Unavailable by ICMP ping
        | |SNS: Faulty HA link|
        There is at least one faulty HA link.
        |`last(/SNS by SNMP/ha.links.faulty[snsNbFaultyHALinks.0],#1)>0`|Average|| |SNS: HA synchronization error|
        The cluster HA is not synchronised properly.
        |`last(/SNS by SNMP/ha.sync.status[snsHASyncStatus.0],#1)<0`|Average|| |SNSha: High memory utilization|
        The system is running out of free memory.
        |`min(/SNS by SNMP/host.memory.utilization,5m)>{$MEMORY.UTIL.MAX}`|Average|| |SNSha: High memory utilization for /data|
        The data file is running out of free memory.
        |`min(/SNS by SNMP/host.memory.utilization_data,5m)>{$MEMORY.UTIL.MAX}`|Average|| |SNSha: High memory utilization for /log|
        The log file is running out of free memory.
        |`min(/SNS by SNMP/host.memory.utilization_log,5m)>{$MEMORY.UTIL.MAX}`|Average|| |SNS: Unavailable by ICMP ping|
        Last three attempts returned timeout. Please check device connectivity.
        |`max(/SNS by SNMP/icmpping,#3)=0`|High|| ## LLD rule Auto-update discovery |Name|Description|Type|Key and additional info| |----|-----------|----|----| |Auto-update discovery|Used for discovering updates from the Stormshield MIB
        |`Dependent item`|auto-update.discovery
        **Preprocessing**
        SNMP walk to JSON| ## Item prototypes for Auto-update discovery |Name|Description|Type|Key and additional info| |----|-----------|----|----| |Auto-update {#UPDATE.NAME} : Last update date
        |MIB : STORMSHIELD-AUTOUPDATE-MIB
        Date of the last update of a subsystem|`Dependent item`|system.update.last[snsAutoupdateLast.{#SNMPINDEX}]
        **Preprocessing**
        SNMP walk value: `1.3.6.1.4.1.11256.1.9.1.1.4.{#SNMPINDEX}`
        |Auto-update {#UPDATE.NAME} : Update state
        |MIB : STORMSHIELD-AUTOUPDATE-MIB
        State of the update of a subsystem|`Dependent item`|system.update.state[snsAutoupdateState.{#SNMPINDEX}]
        **Preprocessing**
        SNMP walk value: `1.3.6.1.4.1.11256.1.9.1.1.3.{#SNMPINDEX}`
        ### Trigger prototypes for Auto-update discovery |Name|Description|Expression|Severity|Dependencies and additional info| |----|-----------|----------|--------|--------------------------------| |SNS: Auto-update {#UPDATE.NAME} not up to date
        |The auto-update is broken or has failed.|`(find(/Stormshield by SNMP/system.update.state[snsAutoupdateState.{#SNMPINDEX}],,"like","Failed")=1) or (find(/Stormshield by SNMP/system.update.state[snsAutoupdateState.{#SNMPINDEX}],,"like","Broken")=1)`|Info| ## LLD rule CPU temperature discovery |Name|Description|Type|Key and additional info| |----|-----------|----|----| |CPU temperature discovery|Used for discovering the CPU temperature from the Stormshield MIB
        |`Dependent item`|CPU.temperature.discovery
        **Preprocessing**
        SNMP walk to JSON| ## Item prototypes for CPU temperature discovery |Name|Description|Type|Key and additional info| |----|-----------|----|----| |CPU {#CPU.ID}: temperature
        |MIB : STORMSHIELD-SYSTEM-MONITOR-MIB
        Temperature in degrees Celsius|`Dependent item`|system.cpu.temperature[snsCpuTemp.{#SNMPINDEX}]
        **Preprocessing**
        SNMP walk value: `1.3.6.1.4.1.11256.1.10.7.1.2.{#SNMPINDEX}`
        ## LLD rule CPU usage discovery |Name|Description|Type|Key and additional info| |----|-----------|----|----| |CPU usage discovery|Used for discovering the CPU usage from the Stormshield MIB
        |`Dependent item`|CPU.usage.discovery
        **Preprocessing**
        SNMP walk to JSON| ## Item prototypes for CPU usage discovery |Name|Description|Type|Key and additional info| |----|-----------|----|----| |CPU {#CPU.ID}: temperature
        |MIB : HOST-RESOURCES-MIB
        The average percentage of time that this processor was not idle over the last minute. Implementations may approximate this one minute smoothing period if necessary.
        Note that cpu 196608 = cpu 0, 196609 = 1, ...|`Dependent item`|system.cpu.usage[hrProcessorLoad.{#SNMPINDEX}]
        **Preprocessing**
        SNMP walk value: `1.3.6.1.2.1.25.3.3.1.2.{#SNMPINDEX}`
        ### Trigger prototypes for CPU usage discovery |Name|Description|Expression|Severity|Dependencies and additional info| |----|-----------|----------|--------|--------------------------------| |SNS: CPU {#SNMPINDEX}: High CPU utilization
        |The CPU utilization is high. The system might be slow to respond.|`min(/Stormshield by SNMP/system.cpu.usage[hrProcessorLoad.{#SNMPINDEX}],5m)>{$CPU.UTIL.WARN}`|Warning|**Depends on**:
        SNS: CPU {#SNMPINDEX}: CPU utilization too high
        | |SNS: CPU {#SNMPINDEX}: CPU utilization too high
        |The CPU utilization is too high. The system might be slow to respond.|`min(/Stormshield by SNMP/system.cpu.usage[hrProcessorLoad.{#SNMPINDEX}],5m)>{$CPU.UTIL.CRIT}`|High|| ## LLD rule Disk discovery |Name|Description|Type|Key and additional info| |----|-----------|----|----| |Disk discovery|Used for discovering disks from the Stormshield MIB
        |`Dependent item`|disk.discovery
        **Preprocessing**
        SNMP walk to JSON| ## Item prototypes for Disk discovery |Name|Description|Type|Key and additional info| |----|-----------|----|----| |Disk {#DISK.ID} : Disk name
        |MIB : STORMSHIELD-SYSTEM-MONITOR-MIB
        Name of the disk|`Dependent item`|system.disk.name[snsDiskEntryDiskName.{#SNMPINDEX}]
        **Preprocessing**
        SNMP walk value: `1.3.6.1.4.1.11256.1.10.5.1.2.{#SNMPINDEX}`
        |Disk {#DISK.ID} : member of a RAID array ?
        |MIB : STORMSHIELD-SYSTEM-MONITOR-MIB
        Is the disk a member of a RAID array ?|`Dependent item`|system.disk.RAID[snsDiskEntryIsRaid.{#SNMPINDEX}]
        **Preprocessing**
        SNMP walk value: `1.3.6.1.4.1.11256.1.10.5.1.4.{#SNMPINDEX}`
        |Disk {#DISK.ID} : RAID Status
        |MIB : STORMSHIELD-SYSTEM-MONITOR-MIB
        RAID Status|`Dependent item`|system.disk.status[snsDiskEntryRaidStatus.{#SNMPINDEX}]
        **Preprocessing**
        SNMP walk value: `1.3.6.1.4.1.11256.1.10.5.1.5.{#SNMPINDEX}`
        |Disk {#DISK.ID} : Result smart info test
        |MIB : STORMSHIELD-SYSTEM-MONITOR-MIB
        Result of the smart info tests|`Dependent item`|system.disk.result[snsDiskEntrySmartResult.{#SNMPINDEX}]
        **Preprocessing**
        SNMP walk value: `1.3.6.1.4.1.11256.1.10.5.1.3.{#SNMPINDEX}`
        ## LLD rule Fan discovery |Name|Description|Type|Key and additional info| |----|-----------|----|----| |Fan discovery|Used for discovering the fan from the Stormshield MIB
        |`Dependent item`|fan.discovery
        **Preprocessing**
        SNMP walk to JSON| ## Item prototypes for Fan discovery |Name|Description|Type|Key and additional info| |----|-----------|----|----| |FAN {#FAN.ID}: Fan name
        |MIB : STORMSHIELD-SYSTEM-MONITOR-MIB
        Name of the Fan|`Dependent item`|system.fan.name[snsFanName.{#SNMPINDEX}]
        **Preprocessing**
        SNMP walk value: `1.3.6.1.4.1.11256.1.10.9.1.2.{#SNMPINDEX}`
        |FAN {#FAN.ID}: Fan status
        |MIB : STORMSHIELD-SYSTEM-MONITOR-MIB
        Status of the Fan|`Dependent item`|system.fan.status[snsFanStatus.{#SNMPINDEX}]
        **Preprocessing**
        SNMP walk value: `1.3.6.1.4.1.11256.1.10.9.1.3.{#SNMPINDEX}`
        |FAN {#FAN.ID}: Speed of the Fan
        |MIB : STORMSHIELD-SYSTEM-MONITOR-MIB
        Speed of the Fan|`Dependent item`|system.fan.speed[snsFanRpm.{#SNMPINDEX}]
        **Preprocessing**
        SNMP walk value: `1.3.6.1.4.1.11256.1.10.9.1.4.{#SNMPINDEX}`
        ## LLD rule HA members discovery |Name|Description|Type|Key and additional info| |----|-----------|----|----| |HA members discovery|Used for discovering HA members from the Stormshield MIB
        |`Dependent item`|HAmembers.discovery
        **Preprocessing**
        SNMP walk to JSON| ## Item prototypes for HA members discovery |Name|Description|Type|Key and additional info| |----|-----------|----|----| |HA members {#HA.ID} : Firewall active/passive
        |MIB : STORMSHIELD-HA-MIB
        Is the firewall active ?|`Dependent item`|ha.active[snsHAActive.{#SNMPINDEX}]
        **Preprocessing**
        SNMP walk value: `1.3.6.1.4.1.11256.1.11.7.1.10.{#SNMPINDEX}`
        |HA members {#HA.ID} : Firewall model
        |MIB : STORMSHIELD-HA-MIB
        Firewall model|`Dependent item`|ha.model[snsModel.{#SNMPINDEX}]
        **Preprocessing**
        SNMP walk value: `1.3.6.1.4.1.11256.1.11.7.1.4.{#SNMPINDEX}`
        |HA members {#HA.ID} : Firewall serial
        |MIB : STORMSHIELD-HA-MIB
        Firewall serial|`Dependent item`|ha.serial[snsFwSerial.{#SNMPINDEX}]
        **Preprocessing**
        SNMP walk value: `1.3.6.1.4.1.11256.1.11.7.1.2.{#SNMPINDEX}`
        |HA members {#HA.ID} : Firewall status
        |MIB : STORMSHIELD-HA-MIB
        HA status forced (-2 : Unknown forced status, -1 : No peer found, 0 : No forced status, 1 : Forced active, 2 : Forced passive)|`Dependent item`|ha.status[snsHAStatusForced.{#SNMPINDEX}]
        **Preprocessing**
        SNMP walk value: `1.3.6.1.4.1.11256.1.11.7.1.9.{#SNMPINDEX}`
        |HA members {#HA.ID} : Firewall uptime
        |MIB : STORMSHIELD-HA-MIB
        Firewall uptime|`Dependent item`|ha.uptime[snsHAUptime.{#SNMPINDEX}]
        **Preprocessing**
        SNMP walk value: `1.3.6.1.4.1.11256.1.11.7.1.11.{#SNMPINDEX}`
        |HA members {#HA.ID} : HA Licence
        |MIB : STORMSHIELD-HA-MIB
        HA Licence|`Dependent item`|ha.license[snsHALicence.{#SNMPINDEX}]
        **Preprocessing**
        SNMP walk value: `1.3.6.1.4.1.11256.1.11.7.1.6.{#SNMPINDEX}`
        |HA members {#HA.ID} : HA Priority
        |MIB : STORMSHIELD-HA-MIB
        HA Priority|`Dependent item`|ha.priority[snsHAPriority.{#SNMPINDEX}]
        **Preprocessing**
        SNMP walk value: `1.3.6.1.4.1.11256.1.11.7.1.8.{#SNMPINDEX}`
        |HA members {#HA.ID} : HA Quality
        |MIB : STORMSHIELD-HA-MIB
        HA Quality|`Dependent item`|ha.quality[snsHAQuality.{#SNMPINDEX}]
        **Preprocessing**
        SNMP walk value: `1.3.6.1.4.1.11256.1.11.7.1.7.{#SNMPINDEX}`
        |HA members {#HA.ID} : online
        |MIB : STORMSHIELD-HA-MIB
        Firewall is online|`Dependent item`|ha.online[snsOnline.{#SNMPINDEX}]
        **Preprocessing**
        SNMP walk value: `1.3.6.1.4.1.11256.1.11.7.1.3.{#SNMPINDEX}`
        ### Trigger prototypes for HA members discovery |Name|Description|Expression|Severity|Dependencies and additional info| |----|-----------|----------|--------|--------------------------------| |SNS: Health status Firewall {#HEALTH.ID}: The fan is not working correctly
        |The fans do not work correctly and have raised an alarm|`find(/Stormshield by SNMP/health.fan.status[snsFanHealth.{#SNMPINDEX}],,"like","Major")=1`|Average|| |SNS: Health status Firewall {#HEALTH.ID}: The RAID is not working correctly
        |The raid does not work in optimal mode and has raised an alarm|`find(/Stormshield by SNMP/health.RAID.status[snsRaidHealth.{#SNMPINDEX}],,"like","Major")=1`|Average|| |SNS: Health status Firewall {#HEALTH.ID}: Admin password is not secured
        |The admin password is the default password, please change it.|`find(/Stormshield by SNMP/health.password.status[snsPasswdHealth.{#SNMPINDEX}],,"like","Major")=1`|High|| |SNS: Health status Firewall {#HEALTH.ID}: HA link is down
        |The HA link does not work (down)|`find(/Stormshield by SNMP/health.ha_link.status[snsHaLinkHealth.{#SNMPINDEX}],,"like","Major")=1`|High|| |SNS: Health status Firewall {#HEALTH.ID}: The CPU is overheating
        |The CPU does not work correctly and has raised an alarm|`find(/Stormshield by SNMP/health.cpu.temperature[snsCpuTempHealth.{#SNMPINDEX}],,"like","Major")=1`|High|| |SNS: Health status Firewall {#HEALTH.ID}: The disk is not working correctly
        |The disks does not work correctly and has raised an alarm|`find(/Stormshield by SNMP/health.disk.status[snsDiskHealth.{#SNMPINDEX}],,"like","Major")=1`|High|| |SNS: Health status Firewall {#HEALTH.ID}: The power supply is not working correctly
        |The power supply does not work correctly and has raised an alarm.|`find(/Stormshield by SNMP/health.power.status[snsPowerSupplyHealth.{#SNMPINDEX}],,"like","Major")=1`|High|| ## LLD rule Health status discovery |Name|Description|Type|Key and additional info| |----|-----------|----|----| |Health status discovery|Used for discovering the Health status from the Stormshield MIB
        |`Dependent item`|Health.discovery
        **Preprocessing**
        SNMP walk to JSON| ## Item prototypes for Health status discovery |Name|Description|Type|Key and additional info| |----|-----------|----|----| |Health status Firewall {#HEALTH.ID} : Admin Password
        |MIB : STORMSHIELD-HEALTH-MONITOR-MIB
        Current health status of Stormshield Firewall Admin Password
        - 'Good' if the date on which the admin password was last changed is less than a year ago
        - 'Minor' if the date on which the admin password was last changed is more than a year ago
        - 'Major' if the admin password is the default password|`Dependent item`|health.password.status[snsPasswdHealth.{#SNMPINDEX}]
        **Preprocessing**
        SNMP walk value: `1.3.6.1.4.1.11256.1.16.2.1.14.{#SNMPINDEX}`
        |Health status Firewall {#HEALTH.ID} : certificates
        |MIB : STORMSHIELD-HEALTH-MONITOR-MIB
        Stormshield Firewall certificates current health status|`Dependent item`|health.certificates.status[snsCertHealth.{#SNMPINDEX}]
        **Preprocessing**
        SNMP walk value: `1.3.6.1.4.1.11256.1.16.2.1.11.{#SNMPINDEX}`
        |Health status Firewall {#HEALTH.ID} : CPU
        |MIB : STORMSHIELD-HEALTH-MONITOR-MIB
        Current health status of Stormshield Firewall CPU
        - 'Good' if CPU load <= 90%
        - 'Minor' if CPU load > 90% during a time lower than 5 minutes
        - 'Major' if CPU load > 90% during a time higher than 5 minutes|`Dependent item`|health.cpu.status[snsCpuHealth.{#SNMPINDEX}]
        **Preprocessing**
        SNMP walk value: `1.3.6.1.4.1.11256.1.16.2.1.7.{#SNMPINDEX}`
        |Health status Firewall {#HEALTH.ID} : CPU temperature
        |MIB : STORMSHIELD-HEALTH-MONITOR-MIB
        Current health status of Stormshield Firewall CPU temperature
        - 'Good' if CPU temperature is at least 20°C below max temperature
        - 'Minor' if CPU temperature is 20°C, or less, below max temperature
        - 'Major' if CPU temperature is 5°C below max temperature|`Dependent item`|health.cpu.temperature[snsCpuTempHealth.{#SNMPINDEX}]
        **Preprocessing**
        SNMP walk value: `1.3.6.1.4.1.11256.1.16.2.1.15.{#SNMPINDEX}`
        |Health status Firewall {#HEALTH.ID} : CRLs
        |MIB : STORMSHIELD-HEALTH-MONITOR-MIB
        Current health status of Stormshield firewall CRLs|`Dependent item`|health.CRLs.status[snsCRLHealth.{#SNMPINDEX}]
        **Preprocessing**
        SNMP walk value: `1.3.6.1.4.1.11256.1.16.2.1.12.{#SNMPINDEX}`
        |Health status Firewall {#HEALTH.ID} : disk
        |MIB : STORMSHIELD-HEALTH-MONITOR-MIB
        Current health status of Stormshield Firewall disk
        - 'Good' if the disks works correctly
        - 'Minor' if the disks does not work correctly
        - 'Major' if the disks does not work correctly and has raised an alarm|`Dependent item`|health.disk.status[snsDiskHealth.{#SNMPINDEX}]
        **Preprocessing**
        SNMP walk value: `1.3.6.1.4.1.11256.1.16.2.1.9.{#SNMPINDEX}`
        |Health status Firewall {#HEALTH.ID} : fans
        |MIB : STORMSHIELD-HEALTH-MONITOR-MIB
        Current health status of Stormshield Firewall fans
        - 'Good' if the fans work correctly
        - 'Minor' if the fans do not work correctly
        - 'Major' if the fans do not work correctly and have raised an alarm|`Dependent item`|health.fan.status[snsFanHealth.{#SNMPINDEX}]
        **Preprocessing**
        SNMP walk value: `1.3.6.1.4.1.11256.1.16.2.1.6.{#SNMPINDEX}`
        |Health status Firewall {#HEALTH.ID} : HA link
        |MIB : STORMSHIELD-HEALTH-MONITOR-MIB
        Current health status of Stormshield Firewall HA link
        - 'Good' if the HA link works correctly
        - 'Minor' if the HA link does not work correctly (may be down)
        - 'Major' if the HA link does not work (down)|`Dependent item`|health.ha_link.status[snsHaLinkHealth.{#SNMPINDEX}]
        **Preprocessing**
        SNMP walk value: `1.3.6.1.4.1.11256.1.16.2.1.4.{#SNMPINDEX}`
        |Health status Firewall {#HEALTH.ID} : HA Mode
        |MIB : STORMSHIELD-HEALTH-MONITOR-MIB
        Current status of Stormshield Firewall HA mode
        - 'None' if HA is not active
        - 'Active' if the firewall is the active one
        - 'Passive' if the firewall is the passive one|`Dependent item`|health.ha_mode.status[snsHaModeHealth.{#SNMPINDEX}]
        **Preprocessing**
        SNMP walk value: `1.3.6.1.4.1.11256.1.16.2.1.3.{#SNMPINDEX}`
        |Health status Firewall {#HEALTH.ID} : memory
        |MIB : STORMSHIELD-HEALTH-MONITOR-MIB
        Current health status of Stormshield Firewall memory
        - 'Good' if memory load <= 80%
        - 'Minor' if memory load > 80% during a time lower than 15 minutes
        - 'Major' if memory load > 80% during a time higher than 15 minutes|`Dependent item`|health.memory.status[snsMemHealth.{#SNMPINDEX}]
        **Preprocessing**
        SNMP walk value: `1.3.6.1.4.1.11256.1.16.2.1.8.{#SNMPINDEX}`
        |Health status Firewall {#HEALTH.ID} : power supply
        |MIB : STORMSHIELD-HEALTH-MONITOR-MIB
        Current health status of Stormshield Firewall power supply
        - 'Good' if the power supply works correctly
        - 'Minor' if the power supply does not work correctly
        - 'Major' if the power supply does not work correctly and has raised an alarm|`Dependent item`|health.power.status[snsPowerSupplyHealth.{#SNMPINDEX}]
        **Preprocessing**
        SNMP walk value: `1.3.6.1.4.1.11256.1.16.2.1.5.{#SNMPINDEX}`
        |Health status Firewall {#HEALTH.ID} : RAID
        |MIB : STORMSHIELD-HEALTH-MONITOR-MIB
        Current health status of Stormshield Firewall raid
        - 'Good' if the raid works in optimal mode
        - 'Minor' if the raid does not work in optimal mode
        - 'Major' if the raid does not work in optimal mode and has raised an alarm|`Dependent item`|health.RAID.status[snsRaidHealth.{#SNMPINDEX}]
        **Preprocessing**
        SNMP walk value: `1.3.6.1.4.1.11256.1.16.2.1.10.{#SNMPINDEX}`
        ## LLD rule Network interface discovery |Name|Description|Type|Key and additional info| |----|-----------|----|----| |Network interface discovery|Used for discovering the Health status from the Stormshield MIB
        |`Dependent item`|network.discovery
        **Preprocessing**
        SNMP walk to JSON| ## Item prototypes for Network interface discovery |Name|Description|Type|Key and additional info| |----|-----------|----|----| |Network interface {#IF.NAME}: Accepted packets
        |MIB : STORMSHIELD-IF-MIB
        Number of accepted packets|`Dependent item`|network.if.accepted[snsifPktAccepted.{#SNMPINDEX}]
        **Preprocessing**
        SNMP walk value: `1.3.6.1.4.1.11256.1.4.1.1.11.{#SNMPINDEX}`
        |Network interface {#IF.NAME}: current UDP connection count
        |MIB : STORMSHIELD-IF-MIB
        current UDP connection count|`Dependent item`|network.if.UDP_count[snsifUdpConnCount.{#SNMPINDEX}]
        **Preprocessing**
        SNMP walk value: `1.3.6.1.4.1.11256.1.4.1.1.24.{#SNMPINDEX}`
        |Network interface {#IF.NAME}: Incoming Current throughput
        |MIB : STORMSHIELD-IF-MIB
        Incoming Current throughput in B/s|`Dependent item`|network.if.in[snsifInCurThroughput.{#SNMPINDEX}]
        **Preprocessing**
        SNMP walk value: `1.3.6.1.4.1.11256.1.4.1.1.25.{#SNMPINDEX}`
        |Network interface {#IF.NAME}: Incoming data bytes
        |MIB : STORMSHIELD-IF-MIB
        Incoming data bytes|`Dependent item`|network.if.in[snsifInTotalBytes.{#SNMPINDEX}]
        **Preprocessing**
        SNMP walk value: `1.3.6.1.4.1.11256.1.4.1.1.29.{#SNMPINDEX}`
        |Network interface {#IF.NAME}: Interface IP address
        |MIB : STORMSHIELD-IF-MIB
        Interface address|`Dependent item`|network.if.ip[snsifAddr.{#SNMPINDEX}]
        **Preprocessing**
        SNMP walk value: `1.3.6.1.4.1.11256.1.4.1.1.4.{#SNMPINDEX}`
        |Network interface {#IF.NAME}: Interface mask
        |MIB : STORMSHIELD-IF-MIB
        Interface mask|`Dependent item`|network.if.mask[snsifMask.{#SNMPINDEX}]
        **Preprocessing**
        SNMP walk value: `1.3.6.1.4.1.11256.1.4.1.1.5.{#SNMPINDEX}`
        |Network interface {#IF.NAME}: interface protected
        |MIB : STORMSHIELD-IF-MIB
        Is interface protected ?|`Dependent item`|network.if.protected[snsifProtected.{#SNMPINDEX}]
        **Preprocessing**
        SNMP walk value: `1.3.6.1.4.1.11256.1.4.1.1.37.{#SNMPINDEX}`
        |Network interface {#IF.NAME}: Max intput flow rate
        |MIB : STORMSHIELD-IF-MIB
        Maximum incoming throughput in B/s|`Dependent item`|network.if.max_in[snsifInMaxThroughput.{#SNMPINDEX}]
        **Preprocessing**
        SNMP walk value: `1.3.6.1.4.1.11256.1.4.1.1.27.{#SNMPINDEX}`
        |Network interface {#IF.NAME}: Max output flow rate
        |MIB : STORMSHIELD-IF-MIB
        Maximum outgoing throughput in B/s|`Dependent item`|network.if.max_out[snsifOutMaxThroughput.{#SNMPINDEX}]
        **Preprocessing**
        SNMP walk value: `1.3.6.1.4.1.11256.1.4.1.1.28.{#SNMPINDEX}`
        |Network interface {#IF.NAME}: Outgoing Current throughput
        |MIB : STORMSHIELD-IF-MIB
        Current outgoing throughput in B/s|`Dependent item`|network.if.out[snsifOutCurThroughput.{#SNMPINDEX}]
        **Preprocessing**
        SNMP walk value: `1.3.6.1.4.1.11256.1.4.1.1.26.{#SNMPINDEX}`
        |Network interface {#IF.NAME}: System interface name
        |MIB : STORMSHIELD-IF-MIB
        System interface name|`Dependent item`|network.if.name[snsifName.{#SNMPINDEX}]
        **Preprocessing**
        SNMP walk value: `1.3.6.1.4.1.11256.1.4.1.1.3.{#SNMPINDEX}`
        |Network interface {#IF.NAME}: Blocked packets
        |MIB : STORMSHIELD-IF-MIB
        Number of packets that have been blocked|`Dependent item`|network.if.blocked[snsifPktBlocked.{#SNMPINDEX}]
        **Preprocessing**
        SNMP walk value: `1.3.6.1.4.1.11256.1.4.1.1.12.{#SNMPINDEX}`
        |Network interface {#IF.NAME}: current TCP connection count
        |MIB : STORMSHIELD-IF-MIB
        current TCP connection count|`Dependent item`|network.if.TCP_count[snsifTcpConnCount.{#SNMPINDEX}]
        **Preprocessing**
        SNMP walk value: `1.3.6.1.4.1.11256.1.4.1.1.23.{#SNMPINDEX}`
        |Network interface {#IF.NAME}: Incoming TCP data bytes
        |MIB : STORMSHIELD-IF-MIB
        Incoming TCP data bytes|`Dependent item`|network.if.in[snsifInTcpBytes.{#SNMPINDEX}]
        **Preprocessing**
        SNMP walk value: `1.3.6.1.4.1.11256.1.4.1.1.31.{#SNMPINDEX}`
        |Network interface {#IF.NAME}: Incoming UDP data bytes
        |MIB : STORMSHIELD-IF-MIB
        Incoming UDP data bytes|`Dependent item`|network.if.in[snsifInUdpBytes.{#SNMPINDEX}]
        **Preprocessing**
        SNMP walk value: `1.3.6.1.4.1.11256.1.4.1.1.33.{#SNMPINDEX}`
        |Network interface {#IF.NAME}: Outgoing data bytes
        |MIB : STORMSHIELD-IF-MIB
        Outgoing data bytes|`Dependent item`|network.if.out[snsifOutTotalBytes.{#SNMPINDEX}]
        **Preprocessing**
        SNMP walk value: `1.3.6.1.4.1.11256.1.4.1.1.30.{#SNMPINDEX}`
        |Network interface {#IF.NAME}: Outgoing TCP data bytes
        |MIB : STORMSHIELD-IF-MIB
        Outgoing TCP data bytes|`Dependent item`|network.if.out[snsifOutTcpBytes.{#SNMPINDEX}]
        **Preprocessing**
        SNMP walk value: `1.3.6.1.4.1.11256.1.4.1.1.32.{#SNMPINDEX}`
        |Network interface {#IF.NAME}: Outgoing UDP data bytes
        |MIB : STORMSHIELD-IF-MIB
        Outgoing UDP data bytes|`Dependent item`|network.if.out[snsifOutUdpBytes.{#SNMPINDEX}]
        **Preprocessing**
        SNMP walk value: `1.3.6.1.4.1.11256.1.4.1.1.34.{#SNMPINDEX}`
        |Network interface {#IF.NAME}: TCP connection established
        |MIB : STORMSHIELD-IF-MIB
        TCP connection established|`Dependent item`|network.if.established[snsifTcpConn.{#SNMPINDEX}]
        **Preprocessing**
        SNMP walk value: `1.3.6.1.4.1.11256.1.4.1.1.21.{#SNMPINDEX}`
        |Network interface {#IF.NAME}: UDP connection established
        |MIB : STORMSHIELD-IF-MIB
        UDP connection established|`Dependent item`|network.if.established[snsifUdpConn.{#SNMPINDEX}]
        **Preprocessing**
        SNMP walk value: `1.3.6.1.4.1.11256.1.4.1.1.22.{#SNMPINDEX}`
        ## LLD rule Power supply discovery |Name|Description|Type|Key and additional info| |----|-----------|----|----| |Power supply discovery|Used for discovering power supply from the Stormshield MIB
        |`Dependent item`|power_supply.discovery
        **Preprocessing**
        SNMP walk to JSON| ## Item prototypes for Power supply discovery |Name|Description|Type|Key and additional info| |----|-----------|----|----| |Firewall {#POWER.ID}: powered by electricity
        |MIB : STORMSHIELD-SYSTEM-MONITOR-MIB
        Is power supply powered by electricity ?|`Dependent item`|system.power.on-off[snsPowerSupplyPowered.{#SNMPINDEX}]
        **Preprocessing**
        SNMP walk value: `1.3.6.1.4.1.11256.1.10.6.1.2.{#SNMPINDEX}`
        |Firewall {#POWER.ID}: power status
        |MIB : STORMSHIELD-SYSTEM-MONITOR-MIB
        What is the status of the power supply ?|`Dependent item`|system.power.status[snsPowerSupplyStatus.{#SNMPINDEX}]
        **Preprocessing**
        SNMP walk value: `1.3.6.1.4.1.11256.1.10.6.1.3.{#SNMPINDEX}`