Configuring SNMP - WebUI

To enable SNMP:

  1. In the tree view, click System Management > SNMP.
  2. Select Enable SNMP Agent.
  3. In the Version drop-down list, select the version of SNMP to run:
    • v1/v2/v3 (any)

      Select this option if your management station does not support SNMPv3.

    • v3-Only

      Select this option if your management station supports v3. SNMPv3 provides a higher level of security than v1 or v2.

  4. In SNMP Location String, enter a string that contains the location for the system. The maximum length for the string is 128 characters, including letters, numbers, spaces, and special characters. For example: Bldg 1, Floor 3, WAN Lab, Fast Networks, Speedy, CA
  5. In SNMP Contact String, enter a string that contains the contact information for the device. The maximum length for the string is 128 characters, including letters, numbers, spaces, and special characters. For example: John Doe, Network Administrator, (111) 222‑3333
  6. Click Apply.

To set an SNMP agent address:

  1. In the tree view, click System Management > SNMP.

    The SNMP Addresses table shows the applicable interfaces and their IP addresses.

  2. Select the header row checkbox to select all or select individual interfaces.

Note - If no agent addresses are specified, the SNMP protocol responds to requests from all interfaces.

To configure the community strings:

  1. In the V1/V2 Settings section, in Read Only Community String, set a string other than public. This is a basic security precaution that you must always use.
  2. (Optional). Set a Read-Write Community String.

    Warning - Set a read-write community string only if you have reason to enable set operations, and if your network is secure.

To add a USM user:

  1. In the tree view, click System Management > SNMP.
  2. Below V3 - User-Based Security Model (USM), click Add. The Add New USM User window opens.
  3. In User Name, enter a name of 1 to 31 alphanumeric characters with no spaces, backslash, or colon characters. This can be the same as a user name for system access.
  4. In Security Level, select from the drop-down list:
    • authPriv—The user has authentication and privacy pass phrases and can connect with privacy encryption.
    • authNoPriv—The user has only an authentication pass phrase and can connect only without privacy encryption.
  5. In User Permissions, select the privileges for the user:
    • Read-only
    • Read-write
  6. In Authentication Pass Phrase, enter a password for the user that is between 8 and 128 characters in length.
  7. In Privacy Pass Phrase, enter a pass phrase that is between 8 and 128 characters in length. The privacy pass phrase is used for protection against disclosure of SNMP message payloads.
  8. Click Save. The new user shows in the table.

To delete a USM user:

  1. In the tree view, click System Management > SNMP.
  2. Below V3 - User-Based Security Model (USM), select the user and click Remove. The Deleting USM User Entry window opens.
  3. The window shows this message: Are you sure you want to delete "username" entry? Click Yes.

To edit a USM user:

  1. In the tree view, click System Management > SNMP.
  2. Below V3 - User-Based Security Model (USM), select the user and click Edit. The Edit USM User window opens.
  3. In the window you can change the Security Level, User Permissions, the Authentication Passphrase, or the Privacy Passphrase.
  4. Click Save.

To enable or disable trap types:

  1. In the tree view, click System Management > SNMP.
  2. In the Enabled Traps section, click Set. The Add New Trap Receiver window opens.
    • To enable a trap: Select from the Disabled Traps list, and click Add>
    • To disable a trap: Select from the Enabled Traps list, and click Remove>
  3. Click Save.
  4. Add a USM user. You must do this even if using SNMPv1 or SNMPv2. In Trap User, select an SNMP user.
  5. In Polling Frequency, specify the number of seconds between polls.
  6. Click Apply.

To configure trap receivers (management stations):

  1. In the tree view, click System Management > SNMP.
  2. In the Trap Receivers Settings section, click Add. The Add New Trap Receiver window opens.
  3. In IPv4 Address, enter the IP address of a receiver.
  4. In Version, select the Trap SNMP Version for the trap receiver from the drop-down menu.
  5. In Community String, enter the community string for the specified receiver.
  6. Click Save.

To edit trap receivers:

  1. In the tree view, click System Management > SNMP.
  2. In the Trap Receivers Settings section, select the trap and click Edit. The Edit Trap Receiver window opens.
  3. You can change the Version or the community string.
  4. Click Save.

To delete trap receivers:

  1. In the tree view, click System Management > SNMP.
  2. In the Trap Receivers Settings section, select the trap and click Remove. The Deleting Trap Receiver Entry window opens.
  3. The window shows this message: Are you sure you want to delete "IPv4 address" entry? Click Yes.

Configuring SNMP - CLI (snmp)


Description

Use these commands to configure SNMP.

Syntax

Enable SNMP

Set Commands:

set snmp agent VALUE
set snmp agent-version VALUE
set snmp location VALUE
set snmp contact VALUE

Show Commands:

show snmp agent
show snmp agent-version
show snmp location
show snmp contact

Delete Commands:

delete snmp location
delete snmp contact

 

SNMP Agent Address

Add commands:

add snmp address VALUE

Set Commands:

set snmp community VALUE read-only
set snmp community VALUE read-write

Show Commands:

show snmp address
show snmp community

Delete Commands:

delete snmp address VALUE
delete snmp community VALUE

 

v3 USM User Settings

Add Commands:

add snmp usm user VALUE security-level authNoPriv

This opens an interactive dialog for you to enter a password.

 

Important - We do not recommend the following command because passwords are stored as plain text in the command history:

add snmp usm user VALUE security-level authNoPriv auth-pass-phrase VALUE

 

Important - We do not recommend the following command because the passwords are stored as plain text in the command history:

add snmp usm user VALUE security-level authPriv auth-pass-phrase VALUE privacy-pass-phrase VALUE

To export an authNoPriv SNMP user to another Gaia system, use:

add snmp usm user VALUE security-level authNoPriv auth-pass-phrase-hashed VALUE

Get the hashed password by running:

show configuration snmp
 
add snmp usm user VALUE security-level authPriv

This opens an interactive dialog for you to enter passwords.

 

To export an authPriv SNMP user to another Gaia system, use:

add snmp usm user VALUE security-level authPriv auth-pass-phrase-hashed VALUE privacy-pass-phrase-hashed VALUE

Get the hashed password by running:

show configuration snmp

Set Commands:

set snmp usm user VALUE security-level authNoPriv auth-pass-phrase VALUE
 
set snmp usm user VALUE security-level authPriv auth-pass-phrase VALUE privacy-pass-phrase VALUE
 
set snmp usm user VALUE security-level authPriv privacy-pass-phrase VALUE auth-pass-phrase VALUE
 
set snmp usm user VALUE usm-read-only
 
set snmp usm user VALUE usm-read-write
 

Show Commands:

show snmp usm user VALUE
show snmp usm users

Delete Commands:

delete snmp usm user VALUE

 

SNMP Traps

Add Commands:

add snmp traps receiver VALUE version v1 community VALUE
add snmp traps receiver VALUE version v2 community VALUE
add snmp traps receiver VALUE version v3

Set Commands:

set snmp traps receiver VALUE version v1 community VALUE
set snmp traps polling-frequency VALUE
set snmp traps receiver VALUE version v2 community VALUE
set snmp traps receiver VALUE version v3
set snmp traps trap VALUE disable
set snmp traps trap VALUE enable
set snmp traps trap-user VALUE

Show Commands:

show snmp traps enabled-traps
show snmp traps polling-frequency
show snmp traps receivers
show snmp traps trap-user

Delete Commands:

delete snmp traps polling-frequency
delete snmp traps receiver VALUE
delete snmp traps trap-user
 

Parameters

Parameter

Description

snmp agent

on or off to enable or disable.

snmp agent-version

any or v3-Only

location

A string that contains the location for the system. The maximum length for the string is 128 characters, including letters, numbers, spaces, and special characters. For example: Bldg 1, Floor 3, WAN Lab, Fast Networks, Speedy, CA

contact

A string that contains the contact information for the device. The maximum length for the string is 128 characters, including letters, numbers, spaces, and special characters. For example: John Doe, Network Administrator, (111) 222‑3333

snmp address

An interface IP address at which the SNMP Agent listens and responds to requests. If you do not select one, the agent responds to requests from all interfaces.

community VALUE read-only

Set a string. The default is public; setting a different string is a basic security precaution.

community VALUE read-write

Set a string (optional).

 

 

usm user

The range is 1 to 31 alphanumeric characters with no spaces, backslash, or colon characters. This can be the same as a user name for system access.

authNoPriv

The user has only an authentication pass phrase and can connect only without privacy encryption. A user is always created with read-only privilege. This can be changed using the command:
set snmp usm user <name> <usm-read-only / usm-read-write>

authPriv

The user has authentication and privacy pass phrases and can connect with privacy encryption. A user is always created with read-only privilege. This can be changed using the command:
set snmp usm user <name> <usm-read-only / usm-read-write>

auth-pass-phrase

A password for the user that is between 8 and 128 characters in length.

auth-pass-phrase-hashed

A hashed password, which is the output of the command:
show configuration snmp

privacy-pass-phrase

A pass phrase that is between 8 and 128 characters in length. It is used for protection against disclosure of SNMP message payloads.

privacy-pass-phrase-hashed

A hashed password, which is the output of the command:
show configuration snmp

usm users

All USM users

traps receiver

IP address selected to receive traps sent by the agent.

community

Set a string

traps trap

The trap name

polling-frequency

The polling frequency in seconds. Default is 20 seconds.

trap-user

The user which generates the traps.

 

Example

show snmp traps enabled-traps

Output

authorizationError
 

Comments

  • The CLI displays only the enabled traps. For all trap types, see the table in Configuring SNMP - WebUI.
  • In auth-pass-phrase and privacy-pass-phrase, notice the different options for regular and hashed pass phrase:
    auth-pass-phrase and auth-pass-phrase-hashed
    privacy-pass-phrase and privacy-pass-phrase-hashed
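
The following added example, which is not part of the Check Point documentation, checks a list of commands written in this page's syntax against the precautions the page states: v3-Only, a community string other than public, read-write access only when needed, authPriv users, hashed rather than plain-text pass phrases on the command line, and an explicit agent address. It assumes that saved show configuration snmp output consists of such set and add commands; the function name, the finding texts and both sample configurations are constructed for illustration.

```python
# WEAK and HARDENED are constructed samples in this page's command syntax.
WEAK = """\
set snmp agent on
set snmp agent-version any
set snmp community public read-only
add snmp usm user monitor security-level authNoPriv auth-pass-phrase-hashed HASH_PLACEHOLDER
add snmp traps receiver 192.0.2.10 version v2 community COMMUNITY_PLACEHOLDER
"""
HARDENED = """\
set snmp agent on
set snmp agent-version v3-Only
add snmp address 192.0.2.1
add snmp usm user monitor security-level authPriv auth-pass-phrase-hashed HASH_PLACEHOLDER privacy-pass-phrase-hashed HASH_PLACEHOLDER
add snmp traps receiver 192.0.2.10 version v3
"""

def audit_snmp(config_text):
    """Return sorted findings for SNMP commands written in this page's syntax."""
    findings, agent_on, has_address = set(), False, False
    for raw in config_text.splitlines():
        tok = raw.split()
        if len(tok) < 3 or tok[0] not in ("set", "add") or tok[1] != "snmp":
            continue  # not an SNMP set/add command
        args = tok[2:]
        if args[0] == "agent" and len(args) > 1:
            agent_on = args[1] == "on"
        elif args[:2] == ["agent-version", "any"]:
            findings.add("agent-version any: SNMPv1/v2 requests are accepted")
        elif args[0] == "address":
            has_address = True
        elif args[0] == "community" and len(args) >= 3:
            if args[1] == "public":
                findings.add("community string is the default 'public'")
            if args[2] == "read-write":
                findings.add("read-write community string is set")
        elif args[:2] == ["usm", "user"] and len(args) >= 3:
            if "authNoPriv" in args:
                findings.add(f"USM user {args[2]}: authNoPriv, no privacy encryption")
            if "usm-read-write" in args:
                findings.add(f"USM user {args[2]}: read-write permission")
            if "auth-pass-phrase" in args or "privacy-pass-phrase" in args:  # not -hashed
                findings.add(f"USM user {args[2]}: plain-text pass phrase in command")
        elif args[:2] == ["traps", "receiver"] and len(args) >= 5 and args[4] in ("v1", "v2"):
            findings.add(f"trap receiver {args[2]}: {args[4]} with community string")
    if agent_on and not has_address:
        findings.add("no agent address: agent answers on all interfaces")
    return sorted(findings)

print(audit_snmp(WEAK), audit_snmp(HARDENED))
```

The pass phrase check matches whole tokens, so auth-pass-phrase-hashed and privacy-pass-phrase-hashed do not trigger it; the same function can be run over saved command history to find the plain-text forms the Important notes warn about.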
 
©2014 Check Point Software Technologies Ltd. All rights reserved.