How to change default SNMP port?

By default, the agent's port is 161 and the manager's port is 162, but many internet operators here in Brazil leave this port blocked, which makes it impossible to access the firewall's SNMP. How to change this default port?



  • Hi Esrom,

    Thank you for reaching out to Sophos Community.

    Kindly do the following:

    1. Create an FW rule with the Destination and services set to the custom port instead of 161/162

    2. Create a DNAT with the following setup

    Original Service: Custom Port

    Translated Service[PAT]: 161

    You may refer to the following KB (PAT)

    Sophos Firewall: DNAT/Port forward to an internal server

    Erick Jan
    Community Support Engineer | Sophos Technical Support

  • Hello, thanks for the reply. Just a reminder that it is not SNMP for an internal server, but for Sophos itself. It works on the LAN.

    I did as instructed and let's review the scenario to see if I'm missing something.

    Under Device Access:
    - Access for SNMP is enabled for LAN Zone

    In SNMP:
    - Agent Configuration is Enabled
    - Community and remote IP for access are configured

    Rules:
    - I created a Firewall Rule:
    Origin Zone/Source Device/Destination Zone = Any
    Destination network = #portWAN
    Services = UDP 45161 and UDP 45162

    - I created two NAT Rules:
    Rule one:
    Original Source/Incoming Interface = Any
    SNAT = Original
    Original destination = #portWAN
    Original Service = UDP 45161
    DNAT = Sophos LAN IP
    PAT = UDP 161

    Rule two:
    Original Source/Incoming Interface = Any
    SNAT = Original
    Original destination = #portWAN
    Original Service = UDP 45162
    DNAT = Sophos LAN IP
    PAT = UDP 162

    Unfortunately, without success.

  • In Packet Capture, it is possible to see the packet entering port 45161, but it is not associated with any firewall or NAT rule. The firewall rule transfer counter also remains at 0.

  • Still in Packet Capture.

    Status = Violation

    Reason = Local_ACL

    Is there any way around this?

  • Hi, if you are referring to the setup/scenario where Sophos Firewall is configured as an SNMP agent and you would like to change those hardcoded ports on the UI, then unfortunately as of we do not have any such way.

    You may submit feedback to capture comments and requests within the product itself, or you may contact your Sophos partner or sales representative directly to discuss this feature's details and to provide feedback to the relevant team.

    Regards,

    Vishal Ranpariya
    Technical Account Manager | Sophos Technical Support
