Configuring SNMPv3 in SonicOS (5.9/6.1 & above)
03/26/2020 
49 
18186
DESCRIPTION:
Simple Network Management Protocol Version 3 (SNMPv3) is an interoperable Standards- based protocol for network management. SNMPv3 provides secure access to device by a combination of authenticating and encrypting packets over the network.
The security features provided in SNMPv3 are
- Message integrity Ensuring that a packet has not been tampered with in-transit.
- Authentication Determining the message is from a valid source.
- Encryption Scrambling the contents of a packet prevent it from being seen by an unauthorized source.
Before SNMPv3, all data was transmitted in the clear and subject to monitoring and alteration by unauthorized users. Version 3 supports various encryption methods. We recommend users never use DES 56-bit encryption as this is very easy to decrypt. AES 128-bit is the preferred method.
Feature Functions
- Support USM (User-based Security Model, RFC3414) for SNMPv3 .
- Support View-Based Access Control Model (VACM, RFC3415) for SNMPv3.
- Support Administrative Framework (RFC3411) for SNMPv3 .
Feature Limitations
- Does not support notification destinations.
- Does not support proxy relationships.
- Does not support remotely configurable via SNMP operations.
RESOLUTION:
Enable SNMP and configure SNMP parameters
Please login to the SonicWall management GUI as admin.
Creating SNMP User, Group & Access
Adding User with Group
- Navigate toMANAGE | Appliance |SNMP, Click Add User button under Users/Group.
- User Name: NEW SNMP User(Type any friendly name which you would like to use for SNMP).
- Security Level: Authentication and Privacy (Select the level which you would like to use).
- Authentication Method: SHA1(Select the method which you would like to use).
- Authentication Key: user12345( type the key which you would like to use But it should be more than 8 characters).
- Encryption Method: AES(Select the method which you would like to use).
- Privacy Key: password123 (type any key which you would like to use).
- Group: SNMP Group (Select the group which you would like to add this user).
- Click OK.
Creating Access for SNMP
- Navigate to MANAGE | Appliance |SNMP Click Add button under Access.
- Access Name: New SNMP Access (Type any name which you would like to use).
- Read View: root .
- Master SNMPv3 Group: SNMP Group (Select any group which you would like to use).
- Access Security Level: Authentication and Privacy (Select the level of security for SNMP).
- Click OK .
Enable SNMP on the SonicWall interface
Navigate to MANAGE| Network | Interfaces and click on the configure button in front of the LAN & WAN interface.
LAN Interface (X0)
- In the Management' section of Edit X0 interface window, check the SNMP' box.
- Click OK .
WAN Interface (X1)
- In the Management section of Edit X1 interface window, check the SNMP box.
- Click OK'.
Configuring SNMP & adding SonicWall unit in PRTG Monitoring software
- Open the SNMP software and register the SonicWall. (You can download and install a free edition of PRTG from http://www.paessler.com/prtg/download).
- Screenshots for PRTG (V14.2.9.1689) are attached below, just enter the SonicWall appliance's LAN IP address, along with the community string and it will start gathering data from the SonicWall.
- Select Device tab in the PRTG software. Under Overview Click Add Device button to add your SonicWall device.
- In the device name enter SonicWall TZ 200 You should use the same name which you used in SNMP configuration of SonicWall.
- In IPV4- Address/DNS Name 192.168.168.168 (IP address of the SonicWall interface to which server is connected).
- Device Icon: Select Icon.
- Click Continue for next step.
- You will find the new device which we added. Click Add Sensor button to select the sensor type.
- Select SNMP under Technology Used.
- Select SNMP Traffic under Matching Sensor Type.
Under Credentials For SNMP Devices
Disable Inherit option and configure SNMP as below
- SNMP Version: V3.
- Authentication Type: MD5 (Select the Authentication method which you configured in SonicWall).
- User: User1 (Type the user which you created in SonicWall).
- Password: user12345 (Type Authentication Key which you configured in SonicWall).
- Encryption Type: DES (Select the Encryption method which you configured in SonicWall).
- Data Encryption Key: password123 (Type the Privacy Key which you configured in SonicWall).
- SNMP Port: 161.
- SNMP Timeout: 5.
- Click Continue button to save the configuration.
- Select the interface for which you would like to monitor traffic. In this scenario select X0, X1 & W0 interface and click Continue button.
- Now you can see the sensor information for all the interface with the traffic rate.
How to Test
- In order to test the SNMP traffic. Select any one interface to see its traffic rate with graph. Click on X0 interface to see the information as below.
- The Live data can be shown in the graph format as below for the X0 interface.
Next Generation FirewallNext-generation firewall for SMB, Enterprise, and Government
Security ServicesComprehensive security for your network security solution
Capture Security applianceAdvanced Threat Protection for modern threat landscape
Network Security ManagerModern Security Management for today’s security landscape
Cloud Edge Secure AccessDeploy Zero-Trust Security in minutes
Secure Mobile AccessRemote, best-in-class, secure access
Wireless Access PointsEasy to manage, fast and secure Wi-FI
SwitchesHigh-speed network switching for business connectivity
Email SecurityProtect against today’s advanced email threats
Cloud App SecurityVisibility and security for Cloud Apps
Cloud Firewall (NSv)Next-generation firewall capabilities in the cloud
Capture ClientStop advanced threats and rollback the damage caused by malware
Content Filtering ClientControl access to unwanted and unsecure web content
NOTE: For the SNMP functionality, the Community name should be the same in the SonicWall and the SNMP monitoring software.