SNMPv3 tab
The options Enable the agent SNMPv3 (recommended) or SNMPv1/v2c and SNMPv3 make it possible to enable the SNMP v3 module.
Connection to the SNMP agent
Username | Username used for the connection and for looking up MIBs on the firewall. |
Authentication
Password | Password of the user who will look up MIBs. This password must comply with the firewall's general password policy defined in the Password policy section in the Configuration module (General configuration tab), and contain at least 8 characters. |
Algorithm | The algorithm currently in use appears. A caption will specify whether it is obsolete. To use SHA256, use the following CLI/serverd commands: CONFIG SNMP ACCESS USERV3 username=<username> authtype=SHA256 authpass=<passphrase> |
Encryption (optional)
Password | SNMP packets are encrypted in DES or AES, and an encryption key can be defined. By default the authentication key will be used. WARNING |
Algorithm | The algorithm currently in use appears. A caption will specify whether it is obsolete. To use AES-128, use the following CLI/serverd commands: CONFIG SNMP ACCESS USERV3 username=<username> authtype=SHA256 authpass=<passphrase> privtype=AES privpass=<passphrase> |
Sending SNMPv3 alerts (traps)
Sending traps to hosts takes place in two parts, with the list of hosts on the left, and details on a selected host on the right.
List of SNMP servers
In this screen, you can configure the stations that the firewall must contact when it needs to send an SNMP trap (event). If no stations (hosts) are specified, the firewall will not send any messages.
A wizard will guide you through the configuration of the hosts.
Clicking to the right of a host name opens the objects database, from which you can select a host.
Server [Name of destination server (object)]
The parameters in the configuration of SNMP v3 events are as follows:
Port | Port used for sending data to the host (snmptrap by default). |
Username (securityName) | Name of the user allowed to send traps on the management workstation. Note that when the server ID (engineID) below has not been entered, this user name (securityName) has to be the same as the name used for logging in to the SNMP agent. |
ID (engineID) | Hexadecimal string created by the management station in order to give the user a unique identification such as 0x0011223344. The engine ID has to be made up of a minimum of 5 bytes and a maximum of 32 bytes. Do note that if this field is empty, the SNMP agent has to be configured to receive an identifier that changes, as it will be automatically generated every time the service restarts. |
Security level | Several levels of security are available for the version of the SNMP protocol:
|
Authentication settings
Password | User’s password |
Algorithm | Two authentication methods are available, MD5 (hash algorithm that calculates a 128-bit digest) and SHA1 (hash algorithm that calculates a 160-bit digest). By default MD5 will be used for authentication. |
Encryption settings
Password | SNMP packets are encrypted in DES or AES-128, and an encryption key can be set. By default the authentication key will be used. WARNING |
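The engineID described above matters because SNMPv3 keys are localized to it (RFC 3414, appendix A.2): the key is derived from the password and the engineID together, so an identifier regenerated at each service restart yields different keys. The following Python sketch is an added example, not Stormshield code; the function names and sample values are constructed for illustration, and the 5 to 32 byte and 8 character limits are the ones stated on this page.

```python
import hashlib

def parse_engine_id(text):
    """Parse a hex engineID such as 0x0011223344 and enforce 5 to 32 bytes."""
    digits = text[2:] if text.lower().startswith("0x") else text
    engine_id = bytes.fromhex(digits)  # raises ValueError on non-hex input
    if not 5 <= len(engine_id) <= 32:
        raise ValueError("engineID must be 5 to 32 bytes, got %d" % len(engine_id))
    return engine_id

def localized_key(password, engine_id, algo="sha1"):
    """RFC 3414 A.2 password-to-key, followed by localization to one engine."""
    pw = password.encode()
    if len(pw) < 8:
        raise ValueError("password must contain at least 8 characters")
    # Step 1: hash 1,048,576 bytes formed by repeating the password (key Ku).
    total = 1048576
    ku = hashlib.new(algo, (pw * (total // len(pw) + 1))[:total]).digest()
    # Step 2: bind Ku to the engine: Kul = H(Ku || engineID || Ku).
    return hashlib.new(algo, ku + engine_id + ku).digest()

def keys_match(password, engine_id_a, engine_id_b, algo="sha1"):
    """True only if both engineIDs give the same localized key."""
    return (localized_key(password, parse_engine_id(engine_id_a), algo)
            == localized_key(password, parse_engine_id(engine_id_b), algo))

if __name__ == "__main__":
    # Constructed sample values, not taken from any real configuration.
    password = "example-passphrase"
    fixed_id = "0x0011223344"        # engineID entered in the ID field
    regenerated = "0x80001f8801a2b3c4d5"  # stands in for an auto-generated ID
    print("key for fixed engineID:",
          localized_key(password, parse_engine_id(fixed_id)).hex())
    print("same key after engineID change:",
          keys_match(password, fixed_id, regenerated))
```
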