SRX Services Gateway
SRX Services Gateway

SNMP MIB Data for Security Policy Missing in 11.4R1.6

[ Edited ]
12.29.11   |  
‎12-29-2011 07:51 AM

In previous versions of code I was able to obtain data from the "jnxJsPolicies" (oid=1.3.6.1.4.1.2636.3.39.1.4) portion of the SRX MIB.  This data seems to no longer be available in 11.4R1.6.  I was specifically getting data from the jnxJsPolicyStatsTable (oid= 1.3.6.1.4.1.2636.3.39.1.4.1.1.3).  Is there now a setting that prevents this data from being made available automatically?  Can it be enabled?

 

Policy Mib: http://www.juniper.net/techpubs/en_US/junos11.4/topics/concept/mib-policy-objects-junos-overview.htm...

 

PolicyStatsTable: http://www.juniper.net/techpubs/en_US/junos11.4/topics/reference/general/jnxjspolicystatstable-nm-mi...

10 REPLIES
SRX Services Gateway

Re: SNMP MIB Data for Security Policy Missing in 11.4R1.6

12.29.11   |  
‎12-29-2011 08:50 AM

So the second link for the jnxJsPolicyStatsTable contains this statement:

 

"jnxJsPolicyStatsTable, whose object ID is {jnxJsPolicyObjects 3}, exposes the security policy statistics entries listed in Table 1. These statistics can be enabled and disabled by configuration on a per-policy basis."

 

...but I can't find any command on a per-policy basis to support this.  Anyone?

SRX Services Gateway

Re: SNMP MIB Data for Security Policy Missing in 11.4R1.6

01.04.12   |  
‎01-04-2012 07:51 AM

Additional information...

 

I also noted that the mib information is not available directly from the CLI:

 

admin@srx100h> show snmp mib walk decimal .1.3.6.1.4.1.2636.3.39.1.4

SRX Services Gateway

Re: SNMP MIB Data for Security Policy Missing in 11.4R1.6

03.31.12   |  
‎03-31-2012 11:28 AM

Bump!

 

Anyone, this is still not availalbe in 12.1R1.9 or am I misreading the documentation?  Can anyone confirm the same behaviour.

SRX Services Gateway

Re: SNMP MIB Data for Security Policy Missing in 11.4R1.6

10.14.12   |  
‎10-14-2012 08:21 PM

I was missing the BGP4 MIB with 11.4R3 but restarting the SNMP daemon fixed the issue for me.

 

> restart snmp

 

 

SRX Services Gateway

Re: SNMP MIB Data for Security Policy Missing in 11.4R1.6

01.18.13   |  
‎01-18-2013 10:36 AM

I have run into the same issue on my SRXs. I am running 11.4:

 

show snmp mib walk 1.3.6.1.4.1.2636.3.39.1.4

 

This command returns no results. I would expect to see everything in teh jnxJsPolicies mib tree.
 Does anyone know how to enable this MIB, or perhaps update the firewalls MIB?

 

Thanks in Advance!

 

 

SRX Services Gateway

Re: SNMP MIB Data for Security Policy Missing in 11.4R1.6

01.18.13   |  
‎01-18-2013 11:07 AM

Would be nice, but I haven't yet found a solution.  I'm now running 12.1R4.7 and this MIB is still unavailable.

SRX Services Gateway

Re: SNMP MIB Data for Security Policy Missing in 11.4R1.6

01.18.13   |  
‎01-18-2013 11:25 AM

Is there a way to refresh the supported MIBs on a SRX?

SRX Services Gateway

Re: SNMP MIB Data for Security Policy Missing in 11.4R1.6

01.21.13   |  
‎01-21-2013 02:35 PM

Bumped - Hopefully we can get an answer on why they are missing. I looked in the docs and they should be available.

SRX Services Gateway

Re: SNMP MIB Data for Security Policy Missing in 11.4R1.6

01.21.13   |  
‎01-21-2013 03:02 PM

Found answer:

 

Juniper changed how policy SNMP lookups work with logical systems after 11.2. See this KB article: KB23155

The fix is to take your SNMP read community string and add "default@" in front of it. For example default@public. This is for the default logical system.

SRX Services Gateway

Re: SNMP MIB Data for Security Policy Missing in 11.4R1.6

01.22.13   |  
‎01-22-2013 06:35 AM

Awesome it works perfectly on 12.1R4.7.  Glad to know the KB was published on 18-Dec-2012 and hasn't been sitting out there too long!