Hey guys, no response to my initial message so I wanted to update it a bit hoping for further guidance/help.

Firstly I downloaded the Sonicwall template from the zabbix github page and imported the yaml file as a new template:

- https://github.com/zabbix/community-...nsa_series/6.0
- template_sonicwall_nsa_series.yaml

Then I added this imported template to the firewall host I made yesterday. The SNMP light lid up but it doesn't seem to have a lot going with it. There are only a couple of things showing:

- 6 items
- 2 triggers
- 3 graphs

This is way less then what my switches are showing which are like over 100 items in those hosts mentioned.

I wanted to investigate further so I went ahead and downloaded all the MiB files from Sonicwall related to the three models I have (nsa4700, tz370, tz570). All three of them turned out to have 5 files in each zip MiB archive. Every model's MiB files turned out to be identical (i compared them). So what I'm saying is no matter the model I get the exact same MiB zip files. Within this zip there are 5 files:

- SNWL-COMMON-MIB.MIB
- SONICWALL-FIREWALL-IP-STATISTICS-MIB.MIB
- SONICWALL-FIREWALL-TRAP-MIB.MIB
- SONICWALL-SMI.MIB
- SW-SMI.MIB

The files' modify dates were 2019 and earlier. So I assume these MiB files do not get updated often, nor they change according to specific models.

I also downloaded a MiB browser to check the internals of these files... But I have no knowledge of MiBs, OID etc... The files are a blob of data I have no comprehension of.

Now I have no clue what to do next. I was hoping I could modify the custom Sonicwall template to include our models. I don't know what I'm supposed to do nor how to do it. I've been searching the web for answers but since I'm lost at how/what I'm supposed to be doing finding anything helpful is mostly impossible.

Long story short; I want to add our firewall devices to zabbix. I have the MiB files and a custom template from 2 years ago...

Now what?

PS: When I say I want to see the firewalls in zabbix I mean I would like to monitor the device health as well as checking all traffics passing through interfaces and vlans and what not.

I'm very new to all of this. :/

6 items are just the common things, ram,cpu etc (if you look on that github page theres 8 items listed, 6 "ordinary" and 2 which have also LLD mentioned). Interfaces are discovered by LLD and incoming-outcoming traffic items created.
Template has no triggers, so all you get out of the box is just some data collection. If you want any thing to be triggered, you need to add it by yourself.
You have nothing really to do with MIB-s. Only if you really want to dig into what exactly those boxes can give you and you decide to add some more items to that template... Then you dig into a mib, do lots of testing with snmpget and -walk and tehn maybe create those items and let Zabbix gather that info for you... Trap-mib may help you with creating snmptrap items (if you have snmptrapd configured etc), so you can also listen to incoming traps...

Thank you for your response. Yesterday I was thinking of making my own template for my devices looking at other ones prebuilt into zabbix like "Check Point Next Generation Firewall by SNMP". I thought I would mimic the settings and test it out. But I don't know how to implement the MIBs there.

So are you saying the Sonicwall template would suffice for my devices and that I don't need to make a template from scratch? I don't know how to verify that the custom Sonicwall template uses the same MIB files I downloaded from the manufacturer. Is there a way I can check it? I couldn't see the MIBs used in the github page.

Perhaps I'm still misunderstanding templates and MIBs. I'm going through:
https://blog.zabbix.com/building-tem...devices/13588/

And it's a little confusing tbh. For example the part where it says "Then we create an item and specify the SNMP OID". I can't find a place for that under the Zabbix GUI. I wonder if this document is dated or if I'm missing something.

Zabbix does not use MIBs directly..MIBs contain the information you need to create items. OID related fields in items become visible, when you select correct item type (SNMP agent). Its like with snmp queries, you don't need to have a MIB, you only need the OID to query...
I have no idea, what is sufficient for you.. If cpu/ram/traffic per IF is enough, then probably that template will do...

Every Sonicwall Firewall generation is the same, you will find the same OID works from the largest to the smallest firewall. Yes, the number of interfaces changes, but that should be handled by low-level discovery of interfaces by Zabbix template. So no need to worry about what exact model is in use.
No, the MIBs don't get updated very often. SNMP support hasn't really gone anywhere in a decade.

I'm starting to have a better comprehension regarding zabbix and templates. I've been playing around with it and have some hiccups here and there which I might ask for help...

Thank you for the template above. I know you said the linked template names may differ, and indeed the last one named 'Interfaces by SNMP' isn't found which prevents me from importing it. The other two linked ones have their names proper. I looked under the factory templates and the only one I saw that might be 'Interfaces by SNMP' is 'Network Generic Device by SNMP'. Would that be the correct one? If not which one should i use or should I just delete that line from the yaml file?

Edit-1: I tried changing the (linked) template name to 'Network Generic Device by SNMP' but now i get the error:
--Cannot inherit items with key "system.location[sysLocation.0]" of both "Network Generic Device by SNMP" and "Generic by SNMP" templates, because the key must be unique on template "Sonicwall".
So that isn't it.

Edit-2: Now I tried deleting the line for that specific template. Again an error while importing:
--Cannot inherit items with key "icmpping" of both "Generic by SNMP" and "ICMP Ping" templates, because the key must be unique on template "Sonicwall".


PS: I'm using latest (stable) zabbix version: 7.0.5

This was tested on a fresh install of 7.0, all I did was rename a few factory templates and link them to this one. As you have found, "Network Generic Device by SNMP" won't work because it duplicates things already on this Sonicwall template or linked to it. But if you check what templates are linked to "Network Generic Device by SNMP", you will find one with interfaces, which should work for you.

So i changed:

templates:
- name: 'Generic by SNMP'
- name: 'ICMP Ping'
- name: 'Interfaces by SNMP'

To:
templates:
- name: 'Template Module Generic SNMP'
# - name: 'Template Module ICMP Ping'
- name: 'Template Module Interfaces Simple SNMP'

I had to comment out the "ICMP Ping" line because it was saying its pulling/linking that from the other template (Template Module Generic SNMP). I didn't know what other option I had other than removing it.

This template you shared is much better and full than the one on the github page. That's why I ask you if commenting out that line is the way to go or should I have dealt with it differently? I am thinking of using your template in production so it's important I get it right.

Thanks!

PS: The template names have either changed from yesterday or I'm really confused. I'm %100 certain the template was named "Network Generic Device by SNMP" (I did a copy/paste to write it here). But now it's differently named as you can see above. I did add other templates for other devices while testing.. Perhaps I messed something up? I also did a apt-get update/upgrade yesterday to see if I can upgrade to version 7.0.6 which it did not. Could have one of those two things changed the names of the templates?

Unfortunately, no, updating Zabbix will not update any factory templates, you have to manually import them. So that's the only reason they might have changed.

That's correct, no other option. You cannot link the same template multiple times to one template.

Thank you for all your help. I'm gonna set your reply with the template as the answer. Though if the thread allows me to I will continue to ask questions here regarding templates. I'm trying my best to understand it all and it's a bit overwhelming. ATM I'm in the middle of deleting all the test servers I made and starting from scratch (with timescaledb this time.. which is a totally different topic). If the thread locks then I'll just make a new post.

Thanks again to both of you, especially troffasky!

Question:
While you import a template it gives you the options for "Update existing, Create new, Delete missing". The second one is obvious but what about updating or deleting? What do they do? Do they update/delete other items/templates/etc written-linked within this imported yaml file? Or are all changes mentioned just regarding this new imported template?

I'm trying to understand the logic. I don't want to mess up the default factory items/templates etc while testing with new custom templates.

If it does modify existing "other" items then what is considered best practice? I feel like just checking "Create new" and unchecking "Update existing"/"Delete missing" is the way to go. What would you recommend?

PS: trying to understand how my template names got changed on my previous installation. As mentioned on above posts some of the factory template names changed, I'm not sure what caused it.


Edit:
Okay so after examining a bit I think I know the answer. Just to clarify my initial question I wanted to know whether updating/deleting options would modify other linked items/templates/etc or if it would rather update a template with the exact same name. For example if there was a template named Custom1 in zabbix and I went ahead and imported a template with the same name (Custom1) would the updating/deleting options modify the existing template with that name or change other stuff. The answer seems to be "other stuff". I'm still unsure about the best practice but I assume you would say "it depends...". Which seems right. At least at first, while still learning the basics I'll try to avoid updating/deleting existing items. In the future once I know how to handle the upgrades I could probably modify while importing.

Also I found what changed my template names. I had imported a template for Ubiquiti SNMP (EdgeMAX SNMPv2). That was the thing that changed my default snmp template names.

Perhaps this answer will help anyone out in the future that's a beginner like me.

Hi,

Sorry this is late.

Perhaps my template can be of some use to you? https://github.com/sjackson0109/Zabb..._firewall.yaml
The HA detection/alarming needs a little work, but for the most part it works well.

There is a ubiquiti one too, and several others i've been working on.
Simon

Good effort sjackson0109 but where are you getting some of these OIDs from? I have been looking for years for OIDs for HA status, but the ones you are using return values which are suspiciously similar to connections active and max!

This is TZ670 HA pair running 7.2.0