Screen OS

Hello,

We have a route based VPN with a remote office. Our side is a SSG140. I´d like to know if it´s possible to redirect only the SNMP traps coming to one of our servers.

Could this be achieved using a policy setting service to SNMP and NAT to redirect?

Thanks in advance.

Bruno

I'm not sure I follow the question.  But I think you are asking if you can control where traps are sent from on the device.

When you create the community, you can choose the source interface that your snmp traps for this community will use as the source to send from.  Using this parameter you would select the interface that is included in the vpn tunnel to the trap server receiver in your case to get the traffic flow you desire.

Configuration > Report Settings > SNMP > Community

Set the source interface parameter

Hi Steve,

The traps I need to redirect are not being generated by the firewall. They are generated at server A, then sent through a VPN tunnel to arrive at server B behind the firewall.

What I would like to know is if it’s possible to redirect only the traps to server C at the same network of server B.

Thanks for your reply!

Best regards,

Bruno

In this situation, I think you can use destination nat on a security policy.

Create the policy from server A with udp 162 (snmp trap port) and destination of the original server A.

In the advanced tab use destination nat to change the ip address to Server C.