I'm running ScreenOS 6.2.0r1.0 and am trying to pull Counter32 values from snmp oid NETSCREEN-POLICY-MIB::nsPlyMonTotalByte (.220.127.116.11.4.1.318.104.22.168.8). This provides the TotalByte count for each rule in the policy. The problem I'm having is I'm only getting data for IPv4 rules. All my IPv6 rules are reporting 0 even though they are being utilized. Anyone know why this data is not available via snmp?
Now I've upraded to 6.2.0r2 and now the counters are visible doing a 'get counter policy <id#> day' for example. However, the data is still not available when doing an snmp read. Yet I notice there are not MIBS for 6.2 only 6.1. Ideas?
Thanks for the clarification. Unfortunately even with those mibs the SNMP data still comes back empty. Here's an example from our lab:
ns5gt-> get address Trust name trust_v6_net Name Address/Mask Flag Comments
trust_v6_net 2001:470:e0bb::/64 0080
ns5gt-> get policy id 31 name:"LAN-PING6-EXT" (id 31), zone Untrust -> Trust,action Permit, status "enabled" src "Any-IPv6", dst "trust_v6_net", serv "PINGv6" Rules on this VPN policy: 0 nat off, Web filtering : disabled vpn unknown vpn, policy flag 00010000, session backup: on, idle reset: on traffic shaping off, scheduler n/a, serv flag 00 log close, log count 79, alert no, counter yes(23) byte rate(sec/min) 0/0 total octets 0, counter(session/packet/octet) 0/0/23
*Note: I assume the "counter yes(23)" would correalate to what's in 'get counter' and would expect to get from the snmp data?
ns5gt-> get counter policy 31 min PID: 31, Interval: Minute, Unit: Kb/Min, End Time: 28Apr2009:13:04:50 000-002: 00000000000000000000 00000000000000000000 00000000000000000000 003-005: 00000000000000000001 00000000000000000001 00000000000000000000
After more investigation I've discovered that I'm not getting IPv6 policy counter snmp data for *packet* and *byte* counters, but I am getting the data for the *session* counters. However, I would expect that once the counter for an IPv6 policy ID were turned on I should get all. Let me know if my resoning is off.