SNMP

Allow version

SNMPv1 If this option is selected, the firewall will allow packets corresponding to SNMP version 1.
SNMPv2c If this option is selected, the firewall will allow packets corresponding to SNMP version 2c.
SNMPv3 If this option is selected, the firewall will allow packets corresponding to SNMP version 3.

Allow Empty Field

communityname If this option is selected, you will be allowing SNMP requests with a blank community field (SNMPv1 - SNMPv2c).
Login If this option is selected, you will be allowing SNMP requests with a blank ID field (SNMPv3).

SNMP command management

SNMP commands

This list sets out the SNMP functions allowed by default on the firewall. The action (Allow/Block) applied to each command can be modified by clicking in the Action column. The Modify all commands button allows modifying the action applied to all commands.

Community name

Black list

This table allows listing communities for which SNMP packets will be systematically blocked. You can Add or Delete communities by clicking on the respective buttons.

White list

This table allows listing communities for which SNMP packets will not undergo content inspection. You can Add or Delete communities by clicking on the respective buttons.

buttons

These buttons make it possible to move a community from one table to another.

Identifiers

Black list

This table allows listing IDs for which SNMP packets will be systematically blocked. You can Add or Delete IDs by clicking on the respective buttons.

White list

This table allows listing IDs for which SNMP packets will not undergo content inspection. You can Add or Delete IDs by clicking on the respective buttons.

buttons

These buttons make it possible to move an ID from one grid to another.

OID

Black list

This table allows listing OIDs (Object identifiers) for which SNMP packets will be systematically blocked. You can Add or Delete OIDs by clicking on the respective buttons.

Whenever an OID is specified in this table, all OIDs originating from it will also be blocked.

Example: adding the OID 1.3.6.1.2.1 to the table will imply that OIDs 1.3.6.1.2.1.1, 1.3.6.1.2.1.2, etc... will also be blocked.

White list

This table allows listing OIDs for which SNMP packets will not undergo content inspection. You can Add or Delete OIDs by clicking on the respective buttons.

Whenever an OID is specified in this table, all OIDs originating from it will not undergo content inspection.

Example: adding the OID 1.3.6.1.2.1 to the table will imply that OIDs 1.3.6.1.2.1.1, 1.3.6.1.2.1.2, etc... will also be whitelisted.

buttons

These buttons make it possible to move an OID from one table to another.

Support

Disable intrusion prevention When this option is selected, the scan of the SNMP protocol will be disabled and traffic will be authorized if the filter policy allows it
Log every SNMP query Enables or disables the logging of SNMP requests.
Automatically detect and inspect the protocol If this protocol is enabled, the inspection function will automatically apply to discover corresponding traffic that filter rules allow.