How the SNMPv3 can be enabled and configured

Description

SNMP (Simple Network Management Protocol) is a network protocol used over User Datagram Protocol (UDP) that allows network administrators to monitor the status of the SonicWall security appliance and receive notification of critical events as they occur on the network. The SonicWall supports SNMP v1/v2c/v3 and all relevant Management Information Base II (MIB) groups except eg and at. The SonicWall replies to SNMP Get commands for MIBII via any interface and supports a custom SonicWall MIB for generating trap messages. The custom SonicWall MIB is available for download from the mysonicwall.com web site and can be loaded into third-party SNMP management software such as HP Open view, Tivoli or SNMPC


NOTE: SNMP versions 1 and 2c, that these versions are vulnerable and insecure, and is recommended to use of SNMPv3.Ā 

Resolution


Resolution for SonicOS 7.X

This release includes significantĀ user interface changes and many new features that are different from the SonicOS 6.5 and earlier firmware. The below resolution is for customers using SonicOS 7.X firmware.

Enable SNMP and configure SNMP parameters

  • Login to the SonicWall management GUI as admin.
  • Click on DEVICE, navigate to Settings | SNMP.
  • Check the box Enable SNMP, click on Accept.
  • ClickĀ  ConfigureĀ  button and supply the parameters for SNMP
    NOTE: For the SNMP functionality, the Community name should be the same in the SonicWall and the SNMP monitoring software. Get Community Name is considered a credential (secret key) and should be as complex as possible.
    Image    Ā 
  • Click on Advanced Tab and enable the toggle for ā€œMandatory Require SNMPv3ā€ option.
    Image
  • ClickĀ  OK .

Enable SNMP on theĀ SonicWall interface

  1. Ā Login to the SonicWall management GUI as admin.
  2. Click NETWORK, Navigate to System | Interfaces and click on the configure button in front of the LAN & WAN interface.

LAN Interface (X0)

  • In the ManagementĀ section of Edit X0 interface window, check the SNMPĀ box.
  • Click OK.

Image

WAN Interface (X1)


CAUTION: it is not recommended to have SNMP enabled on untrusted networks unless it is a requirement.Ā 


  • In the ManagementĀ section of Edit X1 interface window, check the SNMP box.
  • Click OKĀ .Ā 

Image

Allow SNMP Management

  1. Please login to the SonicWall management GUI as admin.
  2. There are two ways to allow access to SNMP management on an interface's IP address:

Ā 

NOTE: Ā The LAN to WAN access rule is only needed when the admin needs to manage the WAN interface from a LAN PC. Enabling SNMP in the WAN (typically X1) interface should only be done if it is required as per requirement. It is recommended to have strict security policies implemented in such cases. Ā 

Create an explicit access rule; in our example, it's a LAN to WAN rule

  • Click POLICY, navigate toĀ  Rules and Policies | Access Rules.
  • Click AddĀ to create an access rule.
  • Enter specific address objects on Service, Source and Destination fields and click Add



Image




Create an access rule; in our example, it's a LAN to WAN rule

  • Click POLICY, navigate toĀ  Rules and PoliciesĀ  | Access Rules.
  • ClickĀ AddĀ to create an access rule.
  • Leave Service, Source and Destination fields as Any (Default).
  • Check Enable Management.
  • Click Add.
    Image

Image

Resolution for SonicOS 6.5

This release includes significantĀ user interface changes and many new features that are different from the SonicOS 6.2 and earlier firmware. The below resolution is for customers using SonicOS 6.5 firmware.

Enable SNMP and configure SNMP parameters

  • Login to the SonicWall management GUI as admin.
  • Click on MANAGE, navigate toĀ Appliance| SNMP.
  • Check the box Enable SNMP, click ACCEPT.
  • ClickĀ  ConfigureĀ  button and supply the parameters for SNMP
    NOTE: For the SNMP functionality, the Community name should be the same in the SonicWall and the SNMP monitoring software. Get Community Name is considered a credential (secret key) and should be as complex as possible.
    Image    Ā 
  • Click on Advanced Tab and enable the toggle for ā€œMandatory Require SNMPv3ā€ option.
    Image
  • ClickĀ  OKĀ .

Enable SNMP on theĀ SonicWall interface

  1. Ā Login to the SonicWall management GUI as admin.
  2. ClickĀ MANAGE,Ā Navigate toĀ Network | InterfacesĀ and click on the configure button in front of the LAN & WAN interface.


LAN Interface (X0)

  • In the ManagementĀ section of Edit X0 interface window, check the SNMPĀ box.
  • Click OK.

Image

WAN Interface (X1)


CAUTION: it is not recommended to have SNMP enabled on untrusted networks unless it is a requirement.Ā 


  • In the ManagementĀ section of Edit X1 interface window, check the SNMP box.
  • Click OK.
    Image

Allow SNMP Management

  1. Please login to the SonicWall management GUI as admin.
  2. There are two ways to allow access to SNMP management on an interface's IP address:

Create an explicit access rule; in our example, it's a LAN to WAN rule


NOTE: The LAN to WAN access rule is only needed when the admin needs to manage the WAN interface from a LAN PC.Ā Enabling SNMP in the WAN (typically X1) interface should only be done if it is required as per requirement. It is recommended to have strict security policies implemented in such cases.Ā Ā 


  • ClickĀ MANAGE, navigate toĀ  RulesĀ  | Access Rules.
  • Click AddĀ to create an access rule.
  • Enter specific address objects on Service, Source and Destination fields.
  • ClickĀ AddĀ .

Image


Create an access rule; in our example, it's a LAN to WAN rule

  • ClickĀ MANAGE, navigate toĀ  RulesĀ  | Access Rules.
  • ClickĀ AddĀ to create an access rule.
  • Leave Service, Source and Destination fields as Any (Default).
  • Check Enable Management.
  • Click Add.
    Image

Configuring SNMP & adding SonicWall unit in PRTG Monitoring softwareĀ 

  • Ā  Open the SNMP software and register the SonicWall. (You can download and install a free edition of PRTG fromĀ http://www.paessler.com/prtg/download).Screen shots for PRTG (V14.2.9.1689) are attached below, just enter the SonicWall appliance's LAN IP address, along with the community string and it will start gathering data from the SonicWall.Select Device tab in the PRTG software. Under Overview ClickĀ Add DeviceĀ button to add your SonicWall device.Image
  • In the device name enterĀ SonicWall TZ 200Ā (You should use the same name which you used in SNMP configuration of SonicWall.
  • In IPV4- Address/DNS NameĀ 192.168.168.168Ā (IP address of the SonicWall interface to which server is connected).
  • Device Icon: SelectĀ Icon.
  • ClickĀ ContinueĀ for next step.
    Image

  • You will find the new device which we added. ClickĀ Add SensorĀ button to select the sensor type.Image
  • SelectĀ SNMPĀ under Technology Used.
  • SelectĀ SNMP TrafficĀ under Matching Sensor Type.
    ImageImage

  • Select the interface for which you would like to monitor traffic. In this scenario selectĀ X0, X1 & W0 interfaceĀ and clickĀ ContinueĀ button:Image

  • Now you can see the sensor information for all the interface with the traffic rate.
    Image

How to Test

  • In order to test the SNMP traffic. Select any one interface to see its traffic rate with graph. Click on X0 interface to see the information as below.
    Image

  • The Live data can be shown in the graph format as below for the X0 interface.
    Image

Related Articles

  • SonicOS 8.1.0 FAQ
    Read More
  • SonicWall GEN8 TZs and GEN8 NSas Settings Migration
    Read More
  • Getting started with SonicWall firewalls
    Read More

Categories

Firewalls
NSa Series
Networking
Firewalls
NSv Series
Networking
Firewalls
TZ Series
Networking
not finding your answers?
Ask the Community