Hello, I' m using a pair of FGT-310B' s, so first there are 10 hardware ports (using ifIndex = 1-10), then we have SSLVPN, about 40 VLAN' s, about 30 IPSec tunnel in Policy mode and about 10 IPSec tunnel in Interface mode. If a add a new IPSec tunnel _ALL_ ID' s for tunnel change (it does not matter if they are in Policy or Interface mode), so we have to correct our Nagios script to continue monitoring the tunnel state (using fgVpnTunEntStatus = 1.3.6.1.4.1.12356.101.12.2.2.1.20.ID ). That happens about once per month. Monitoring traffic with MRTG (also using SNMP) is much more easier, because there I can specify interface names, but this is not possible in our Nagios plugin. Sincerely Harald

So what' s the purpose of the tunnel monitor? I' m monitoring active SSLVPN client connections. oid = 1.3.6.1.4.1.12356.101.12.2.3.1.7.1 Are you looking for tunnel stats ( byes, traffic ) or something else. If the tunnels are dynamic then the ifIndex will always change based on what/who is using it. I' m only monitoring active and max sslvpn tunnels usages in my case.

Hello emnoc, I' m not talking about SSLVPN tunnels, but IPSec tunnels (site-to-site VPN) with static IP addresses at the remote site. These tunnels are used by our customers. We are monitoring the tunnel state (Up or Down) with Nagios. Sincerely Harald

Yeah I figured that out from your original post, so are you referring that when the tunnel goes up and down it changes ifIndex or only when you add more tunnels? I don' t think a the tunnels have a means or methods for static snmp persistence but you can contact TAC and see what they will say. Have you looked at trying to use the interface aliases name or descr? Since that would most likely always be static ? And what are you trying to graph or monitors bytes or octets across the tunnel?