Configuring SNMPv3 in SonicOS (5.9/6.1 & above)
03/26/2020 46 16824
Simple Network Management Protocol Version 3 (SNMPv3) is an interoperable Standards- based protocol for network management. SNMPv3 provides secure access to device by a combination of authenticating and encrypting packets over the network.
The security features provided in SNMPv3 are
- Message integrity Ensuring that a packet has not been tampered with in-transit.
- Authentication Determining the message is from a valid source.
- Encryption Scrambling the contents of a packet prevent it from being seen by an unauthorized source.
Before SNMPv3, all data was transmitted in the clear and subject to monitoring and alteration by unauthorized users. Version 3 supports various encryption methods. We recommend users never use DES 56-bit encryption as this is very easy to decrypt. AES 128-bit is the preferred method.
- Support USM (User-based Security Model, RFC3414) for SNMPv3 .
- Support View-Based Access Control Model (VACM, RFC3415) for SNMPv3.
- Support Administrative Framework (RFC3411) for SNMPv3 .
- Does not support notification destinations.
- Does not support proxy relationships.
- Does not support remotely configurable via SNMP operations.
Enable SNMP and configure SNMP parameters
Please login to the SonicWall management GUI as admin.
Creating SNMP User, Group & Access
Adding User with Group
- Navigate toMANAGE | Appliance |SNMP, Click Add User button under Users/Group.
- User Name: NEW SNMP User(Type any friendly name which you would like to use for SNMP).
- Security Level: Authentication and Privacy (Select the level which you would like to use).
- Authentication Method: SHA1(Select the method which you would like to use).
- Authentication Key: user12345( type the key which you would like to use But it should be more than 8 characters).
- Encryption Method: AES(Select the method which you would like to use).
- Privacy Key: password123 (type any key which you would like to use).
- Group: SNMP Group (Select the group which you would like to add this user).
- Click OK.
Creating Access for SNMP
- Navigate to MANAGE | Appliance |SNMP Click Add button under Access.
- Access Name: New SNMP Access (Type any name which you would like to use).
- Read View: root .
- Master SNMPv3 Group: SNMP Group (Select any group which you would like to use).
- Access Security Level: Authentication and Privacy (Select the level of security for SNMP).
- Click OK .
Enable SNMP on the SonicWall interface
Navigate to MANAGE| Network | Interfaces and click on the configure button in front of the LAN & WAN interface.
LAN Interface (X0)
- In the Management' section of Edit X0 interface window, check the SNMP' box.
- Click OK .
WAN Interface (X1)
- In the Management section of Edit X1 interface window, check the SNMP box.
- Click OK'.
Configuring SNMP & adding SonicWall unit in PRTG Monitoring software
- Open the SNMP software and register the SonicWall. (You can download and install a free edition of PRTG from http://www.paessler.com/prtg/download).
- Screenshots for PRTG (V22.214.171.1249) are attached below, just enter the SonicWall appliance's LAN IP address, along with the community string and it will start gathering data from the SonicWall.
- Select Device tab in the PRTG software. Under Overview Click Add Device button to add your SonicWall device.
- In the device name enter SonicWall TZ 200 You should use the same name which you used in SNMP configuration of SonicWall.
- In IPV4- Address/DNS Name 192.168.168.168 (IP address of the SonicWall interface to which server is connected).
- Device Icon: Select Icon.
- Click Continue for next step.
- You will find the new device which we added. Click Add Sensor button to select the sensor type.
- Select SNMP under Technology Used.
- Select SNMP Traffic under Matching Sensor Type.
Under Credentials For SNMP Devices
Disable Inherit option and configure SNMP as below
- SNMP Version: V3.
- Authentication Type: MD5 (Select the Authentication method which you configured in SonicWall).
- User: User1 (Type the user which you created in SonicWall).
- Password: user12345 (Type Authentication Key which you configured in SonicWall).
- Encryption Type: DES (Select the Encryption method which you configured in SonicWall).
- Data Encryption Key: password123 (Type the Privacy Key which you configured in SonicWall).
- SNMP Port: 161.
- SNMP Timeout: 5.
- Click Continue button to save the configuration.
- Select the interface for which you would like to monitor traffic. In this scenario select X0, X1 & W0 interface and click Continue button.
- Now you can see the sensor information for all the interface with the traffic rate.
How to Test
- In order to test the SNMP traffic. Select any one interface to see its traffic rate with graph. Click on X0 interface to see the information as below.
- The Live data can be shown in the graph format as below for the X0 interface.