Configuring basic components

To query SNS firewalls over SNMP, a filter rule must be configured. Only monitoring servers must be allowed to query SNS firewalls over SNMP, and only in read-only mode.

R50 | SNS-SMC | Filter SNMP queries
We recommend allowing only monitoring servers to query SNS firewalls over SNMP, by using a suitable filter rule.

On SNS firewalls, the parameters Location (syslocation) and Contact (syscontact) found in Configuration > Notifications > SNMP agent > General refer respectively to the physical location of the SNS firewall, and the contact details to use when a failure occurs. By configuring these parameters, it becomes easier to map SNS firewalls in monitoring and alarm tools.

R51 | SNS | Use SNMPv3
SNMP version 3 is recommended as it provides authentication and encryption mechanisms. SNMPv3 can be enabled in Configuration > Notifications > SNMP agent > General.

By configuring the Connection to the SNMP agent field on SNS firewalls in the SNMPv3 tab, the algorithms and passwords used for authentication and encryption can be set.

R52 | SNS | Configure the connection to the SNMP agent
AES is recommended as the encryption algorithm, and SHA1 for hashing. This gives data exchanges an acceptable level of security that does not, however, comply with the RGS. Passwords must comply with the guide Recommendations relating to multifactor authentication and passwords (in French).

On SNS firewalls, when peers are entered in the List of SNMP servers field of the SNMPv3 tab in Notifications > SNMP agent > SNMPv3, the SNS firewall will send SNMP traps to them.

WARNING
SNMP traps that the SNS firewall sends are part of an implicit filter rule. This rule is included in the hosted services rule found in the Implicit rules menu. We recommend disabling this rule in compliance with the chapter on Implicit rules, and replacing it with custom rules.
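
The following check, run from a monitoring server, confirms that the agent behaves as R51 and R52 intend and that Location and Contact are filled in. It is an added example, not part of the original guide or of Stormshield's tooling. It assumes net-snmp's snmpget is installed; the variable names SNMP_USER, SNMP_AUTH_PASS, SNMP_PRIV_PASS and SNMP_TEST_COMMUNITY and the function names are choices made for this example.

```shell
#!/bin/sh
# Added example: verify an SNS firewall's SNMP agent from a monitoring server.
# Assumes net-snmp's snmpget; SNMP_USER, SNMP_AUTH_PASS and SNMP_PRIV_PASS
# are variable names chosen for this example.
# Note: -A/-X values are visible in the process list; on a shared host,
# keep the credentials in snmp.conf instead.

OID_SYSCONTACT=1.3.6.1.2.1.1.4.0
OID_SYSLOCATION=1.3.6.1.2.1.1.6.0

# SNMPv3 GET with SHA authentication and AES encryption, value only.
v3_get() {  # $1 = host, $2 = OID
    snmpget -v3 -l authPriv -u "$SNMP_USER" \
        -a SHA -A "$SNMP_AUTH_PASS" -x AES -X "$SNMP_PRIV_PASS" \
        -t 2 -r 0 -Oqv "$1" "$2" 2>/dev/null
}

# Returns 0 when every check passes, 1 otherwise; prints one line per check.
check_snmp_hardening() {  # $1 = firewall address
    host=$1; rc=0
    # Location and Contact must be readable with authPriv and not be empty.
    for oid in "$OID_SYSLOCATION" "$OID_SYSCONTACT"; do
        val=$(v3_get "$host" "$oid" | tr -d '"')
        if [ -n "$val" ]; then echo "PASS authPriv read $oid = $val"
        else echo "FAIL authPriv read $oid (no answer or empty value)"; rc=1; fi
    done
    # The same user without authentication or encryption must get nothing.
    if snmpget -v3 -l noAuthNoPriv -u "$SNMP_USER" -t 2 -r 0 \
            "$host" "$OID_SYSLOCATION" >/dev/null 2>&1; then
        echo "FAIL agent answers noAuthNoPriv"; rc=1
    else echo "PASS noAuthNoPriv refused"; fi
    # With only SNMPv3 enabled, an SNMPv2c request must go unanswered.
    if snmpget -v2c -c "${SNMP_TEST_COMMUNITY:-public}" -t 2 -r 0 \
            "$host" "$OID_SYSLOCATION" >/dev/null 2>&1; then
        echo "FAIL agent answers SNMPv2c"; rc=1
    else echo "PASS SNMPv2c refused"; fi
    return $rc
}

# Run only when a firewall address is given on the command line.
if [ "$#" -gt 0 ]; then check_snmp_hardening "$1"; fi
```

Run from a host that is not a monitoring server, the two authPriv reads should also fail if the R50 filter rule is in place.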