Thread Info
  • State Verified Answer
  • +1 person also asked this people also asked this
  • Locked Locked
  • Replies 5 replies
  • Answers 1 answer
  • Subscribers 30 subscribers
  • Views 23100 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Firewall Rule needed for SNMP collection?

Bill Roland

I am trying to poll the XG210 via SNMP and I cannot seem to get it to work.  I have enabled the SNMP agent on the XG, added a community, and also ACL allow for SNMP on the LAN zone, but when I attempt to poll it says the port is closed.  Do I have to also create a firewall rule to allow?  The SNMP scan source is on the same LAN as the XG.  Thanks in advance.



This thread was automatically locked due to age.
  • 0

    I have been facing this issue as well. Infact, I even created firewall rule allowing snmp ports but it didnt work. I was using cacti and everytime cacti was giving me snmp error. I was able to perform an snmpwalk through the linux server running the cacti but cacti was not able to poll the XG for snmp data. It was detecting it was online via icmp but nothing on snmp. I had tried with the cacti connected to the LAN and to the WAN, but got same results (and yes snmp was enabled on both LAN and WAN under Device Access)

    Netflow works fine though

  • 0

    Hi Bill,

     

    with addition to what  is suggesting, may you verify if snmp ports are not being blocked by intermediary device aside the XG eg. ACLs,  thanks

     

    let us know how it goes.

     

     

    regards,

     

    Rap

  • +1

    Hi Bill,

    The SNMP does not require the rule in XG only in Cyberoam OS. The option of SNMP is enabled from the device access as per the screen shot below.

    If the ACL rule is added and denied the port 161 then you may create an ACL rule to allow it on top of the others, otherwise, is it not needed. 

  • +1 in reply to Aditya Patel

    For reasons I cannot explain, it suddenly just began working on its own several days after I had given up on it.  I actually wasn't thinking anything else about it but noticed I was getting interface metrics from it in the network monitor I was using.  Go figure....

  • 0

    Hi,

    To SNMP work need to be created a firewall rule for example:

    ANY LAN->ANY LAN service SNMP , more information below;

    For me it works, i hope for you too.

    Thanks

    Create firewall rule to allow SNMP traffic

    1. Navigate to Firewall > Rule > IPv4 Rule.
    2. Click Add.
    3. Complete the form as follows:
      1. Name: Give the rule a name.
      2. Zone: Select the zone (e.g., LAN) where the SNMP server resides.
      3. Network / Host: Select the SNMP server.
      4. Services: Select SNMP.
      5. Schedule: Select All the time.
      6. Action: Select Accept.
      7. Destination: Select either Local or Any Host
    4. Click OK.

    References: kb.cyberoam.com/default.asp