
cannot access SNMP through VPN

Hello,

I'm having an issue trying to access the SNMP of an XG firewall in a branch office from the head office via VPN. XG is MR7.

  • SNMP is enabled and a community is created with v1 and v2c, no traps, with the IP of the HO management station
  • Device access has SNMP enabled for the VPN zone
  • There's a system IPsec route for the entire HO network
  • There's a system NAT rule for the mgmt IP to the XG
  • PF rules on both sides allow ALL traffic from HO to BO and BO to HO

tcpdump is showing NO SNMP packets arriving from the management station on HO, yet ping and other services do work.

If I add a community with a local BO IP, then SNMP works perfectly.

I've seen other threads asking about the same issue, but they all got solved by one of the steps I already have in place.

What am I missing?



This thread was automatically locked due to age.
  • Hey  

    To provide an update to this thread for the rest of the community, this SNMP over IPsec VPN issue is related to the bug ID (NC-16090). The fix for this is tentatively scheduled to be included in the next SFOS 17.1 firmware release.

    A temporary workaround for this issue in the meantime involves bypassing the related IPs from the advanced firewall. Ex: Commands inputted on the CLI of the HO XG - (console> set advanced-firewall bypass-stateful-firewall-config add source_host x.x.x.x dest_host x.x.x.x) - first x.x.x.x being the IP of the HO SNMP Polling Manager and the second x.x.x.x being the IP of the BO SNMP Agent.

    Best,