How to use SNMP Net Monitoring with Email Security

12/20/2019 13 13485

DESCRIPTION:
How to use SNMP Net Monitoring with Email Security

RESOLUTION:

Introduction

Email Security Appliances have the ability to be monitored using the Simple Network Management Protocol (SNMP), this document describes what SNMP is and how it can be used to monitor Email Security components including disk space and total bandwidth.

What is SNMP

SNMP is the Simple Network Management Protocol. The SNMP protocol is used by network management systems to communicate with network elements. For this to work, the network element must be equipped with an SNMP agent. SonicWall has put an SNMP Agent into the SonicWall Global Management System (SGMS) product, which can be found in the Monitor tab option “Net Monitor”. SNMP messages may be initiated by either the network management system (like GMS Net Monitor) or by the network element. AnSNMP TRAP is a message which is initiated by a network element and sent to the network management system. The SNMP GET is amessage which is initiated by the network management system when it wants to retrieve some data from a network element. An SNMP SET is a message which is initiated by the network management system when it wants to change data on a network element. The SNMP MIB, or Management Information Base, is a collection of variables which is shared between the network management system and the network element. The MIB is extensible, which means that hardware and software manufacturers can add new variables to the MIB. These new MIB definitions must be added both to the network element and to the network management system.

The Email Security Appliance listens to the variables listed within the following MIB’s

The most basic form of SNMP security is the Community String, SNMP Community Strings are like passwords for network elements. There is one community string which is used for read-only access to the Email Security Appliance. The default value for this communitystring in the Email Security Appliance is "snwl". Using this community string like a password, the network management system can retrieve data from the Email Security Appliance.

Activating SNMP on the Email Security Appliance

Enabling SNMP can only be done from within the CommandLine Interface of the Email Security Appliance. The following steps describe how to log into the Command LineInterface of the Email Security Appliance.

1. Launch a remote shell client such as PuTTY.
2. Use host snwlcli@<IP Address>
   where snwlcli is the username for shell access and IP Address represents the address of your Email Security Appliance.
3. Click Yes to accept the Certificate. (This step is only needed the first time accessing the appliance via secure shell.)
4. Enter the GUI Username at Login.
5. Use the GUI Password at the Password prompt.

After being logged into the CLI, use the option SNMP on to enable the SNMP service and, in the same way, it is possible to disable SNMP by using the option SNMP off to disable the SNMP service.

Configuring SGMS Net Monitor

It is necessary to setup the SNMP Agent so that it can access the Email Security Appliance and read the information sent using theSNMP protocol. The agent we use is the SonicWall Global Management System Net Monitor. Follow these steps to add theEmail Security Appliance to the SNMP Net Monitor of SGMS. The SonicWall Global Management System Net Monitor will be used as the SNMP agent within this document.

Follow these steps to set up Net Monitor:

1. Go to the Monitor tab and select Net Monitor.
2. Add a Non GMS Device.
3. Enter the name and IP address of the Email Security Appliance and press the Add button.
4. Press Next.
5. Select Monitor Type: SNMP.
6. Press the Advanced button.
7. Set the Community name to “snwl”.
8. Select the MIB’s RFC1213-MIB and UCD-SNMP-MIB.
9. The Pending Interval is optional.
10. Press the Finish button. The GMS system will acquire the Email Security Appliance within the Net Monitor after this is done.

Read the System Information

To retrieve the system information from the Email Security Appliance, it will be necessary to set the correct SNMP Get requests in theSNMP Agent. These SNMP Get requests will use Object ID’s (OID) to filter the data from the unit.

Follow these steps to enable SGMS Net Monitor to read the system information from the Email Security Appliance:

1. Right click the Email Security Icon on the GMS Net Monitor.
2. Go to SNMP Options and click SNMP Manage Realtime Monitor.
3. Use the following Object ID to retrieve the system information from the Email Security Appliance:
   • For the Operating System, use .iso.org.dod.internet.mgmt.mib-2.system.sysDescr[. 1.3.6.1.2.1.1.1 ]
   • For total Uptime, use .iso.org.dod.internet.mgmt.mib-2.system.sysUptime[.1.3.6.1.2.1.1.3]
   • For the Hostname, use .iso.org.dod.internet.mgmt.mib-2.system.sysName[.1.3.6.1.2.1.1.5]
4. Set a Name for this Net Monitor topic and press the Apply button. This will read out the System information and enable easy identification of the Email Security Appliance when multiple Email Security Appliances are monitored and scheduled for sending out reports with information retrieved via the SNMP Agent.

Setup Disk Space Monitoring via SNMP

1. Right click the Email Security Icon on the GMS Net Monitor.
2. Go to SNMP Options and click SNMP Manage Realtime Monitor.
3. Use the following Object ID to retrieve the disk space information:
   • For the Total Available Disk Space, use .iso.org.dod.internet.private.enterprises.ucdavis.dskTable.dskEntry.dskTotal & .iso.org.dod.internet.private.enterprises.ucdavis.dskTable.dskEntry.dskAvail [.1.3.6.1.4.1.2021.9.1.6 & .1.3.6.1.4.1.2021.9.1.7]
   • For Total Used Disk Space, use .iso.org.dod.internet.private.enterprises.ucdavis.dskTable.dskEntry.dskTotal &.iso.org.dod.internet.private.enterprises.ucdavis.dskTable.dskEntry.dskUsed [.1.3.6.1.4.1.2021.9.1.6 &.1.3.6.1.4.1.2021.9.1.8]
4. Set a Name for this Net Monitor topic and press the Apply button.

Get a Bandwidth Reading for the Interface and the Loopback

Similar to Disk Space Monitoring, Bandwidth Monitoring requires combining several Object ID’s to get a clear reading from the Email Security Appliance. We will use the plot chart to illustrate the Bandwidth at the moment of the SNMP Get request as the bandwidth is changing constantly. The Email Security Appliance is equipped with 2 network ports where only one (ETH0) is used for the traffic to and from the Email Security Appliance. The other port is the Local Host port for connectivity to the MTA, Firebird and the Hourly batch processes. These steps explain how to retrieve the bidirectional bandwidth data for ETH0 and the Local Host port.

1. Right click the Email Security Icon on the GMS Net Monitor.
2. Go to SNMP Options and click SNMP Manage Realtime Monitor.
3. Use the following Object ID to retrieve the bandwidth information:
   • For the ETH0 Bandwidth, use .iso.org.dod.internet.mgmt.mib-2.interfaces.ifTable.ifEntry.ifDescr.1 &.iso.org.dod.internet.mgmt.mib-2.interfaces.ifTable.ifEntry.ifInOctets.1 &.iso.org.dod.internet.mgmt.mib-2.interfaces.ifTable.ifEntry.ifOutOctets.1[.1.3.6.1.2.1.2.2.1.2.1 & .1.3.6.1.2.1.2.2.1.10.1 &.1.3.6.1.2.1.2.2.1.16.1]
   • For the Local Host Bandwidth, use .iso.org.dod.internet.mgmt.mib-2.interfaces.ifTable.ifEntry.ifDescr.3 &.iso.org.dod.internet.mgmt.mib-2.interfaces.ifTable.ifEntry.ifInOctets.3 &.iso.org.dod.internet.mgmt.mib-2.interfaces.ifTable.ifEntry.ifOutOctets.3[.1.3.6.1.2.1.2.2.1.2.3 & .1.3.6.1.2.1.2.2.1.10.3 &.1.3.6.1.2.1.2.2.1.16.3]
4. Set a Name for this Net Monitor topic and press the Apply button.

Created by P. van Herten
Edited by J.Spoor