SNMPv3 tab

The options Enable the agent SNMPv3 (recommended) or SNMPv1/v2c et SNMPv3 allow enabling the SNMP v3 module.

Connection to the SNMP agent

Username Username used for the connection and for looking up MIBs on the firewall.

Authentication

Password Password of the user who will look up MIBs.
This password must comply with the firewall's general password policy defined in the Password policy section in the Configuration module (General configuration tab), and contain at least 8 characters.
Algorithm Two authentication methods are available, MD5 (hash algorithm that calculates a 128-bit digest) and SHA1 (hash algorithm that calculates a 160-bit digest). By default MD5 will be used for authentication.

Encryption (optional)

Password SNMP packets are encrypted in DES or AES, and an encryption key can be defined. By default the authentication key will be used.

WARNING
You are strongly advised to use a specific key.
Algorithm The two encryption methods possible are DES and AES. By default DES is used for encryption.

Sending of SNMPv3 alerts (traps)

Sending traps to hosts consists of 2 parts, with the list of hosts on the left and details of a selected host on the right.

List of SNMP servers

In this screen, you can configure the stations that need to contact the firewall when it needs to send an SNMP Trap (event). If no stations (hosts) are specified, the firewall will not send any messages.

A wizard will guide you through the configuration of the hosts.

By clicking to the right of a host name, the objects database will appear, allowing you to select a host.

Server [Name of destination server (object)]

The parameters in the configuration of SNMP V3 events are as follows:

Port

Port used for sending data to the host (snmptrap by default).
Username (securityName) Name of the user allowed to send traps on the management station.
Please note that when the server's ID below has not been entered (engineID), this user name (securityName) has to be the same as the name used for logging on to the SNMP agent.
ID (engineID) Hexadecimal string created by the management station in order to give the user a unique identification such as 0x0011223344. The engine ID has to be made up of a minimum of 5 bytes and a maximum of 32 bytes.
Please note that if this field is empty, the SNMP agent has to be configured to receive an identifier that changes as it will be automatically generated each time the service starts.
Security level Several levels of security are available for the version of the SNMP protocol:
  • None: no security. The sections “Security Level: authentication” and “Security level: Encryption” are grayed out.
  • Authentication, no encryption: authentication of traps without encryption.
  • Authentication and encryption: if the encryption password is not defined, the authentication password will be used for encryption.

Authentication settings

Password User’s password
Algorithm Two authentication methods are available, MD5 (hash algorithm that calculates a 128-bit digest) and SHA1 (hash algorithm that calculates a 160-bit digest). By default MD5 will be used for authentication.

Encryption settings

Password SNMP packets are encrypted in DES or AES-128, and an encryption key can be defined. By default the authentication key will be used.

WARNING
You are strongly advised to use a specific key.
Algorithm The two encryption methods possible are DES and AES-128. By default AES-128 is used for encryption.