Screen OS

last person joined: 8 months ago 

This is a legacy community with limited Juniper monitoring.

  • 1.  SSG140 SNMP over Internet

    Posted 11-17-2016 04:20
    Hi,

    I've been trying to configure Snmp on ssg140 over public/Internet to monitor on SolarWinds server.

    Got this message on ssg 'SNMP request from an unknown SNMP community aaa at X.X.X.X:xxxx has been received.'
    But SolarWinds server failed to poll anything from the router, seems the request not thru or the router not allows the request.
    Is it possible to do this over Internet? Or did I miss something?
    Any help would be appreciated.
    Thanks.


  • 2.  RE: SSG140 SNMP over Internet

    Posted 11-18-2016 06:14

    Hi,

     

    Please follow the KB and make sure you have same configuration accordingly.

     

    Thanks,

    Vikas



  • 3.  RE: SSG140 SNMP over Internet

    Posted 11-19-2016 05:28 
    SNMP request from an unknown SNMP community aaa

    This probably means that the community configuration does not match your Solarwinds setup.  Please check the following.

     

    community

    Configuration > Report Settings > SNMP

    Create or edit your community name aaa

     

    You should also restrict this community to the ip address that your solarwinds has for NAT on the internet so only this device will be allowed to poll

     

    allow snmp on interface

     

    Network > Interfaces > List

     

    edit the interface that the SNMP request will come in on

    Check that SNMP is allowed on this interface

     

     

     



  • 4.  RE: SSG140 SNMP over Internet

    Posted 11-19-2016 07:55

    Hi,

    Thanks for the reply.

    I have 18 SRX, 8 Cisco and 20+ SSG140. All SRX and Cisco are working fine, but none SSG140 are working.

    I did on SSG before but over VPN, it worked. So, I don't think this is something to do with my configurations. I was wondering why they were not working over Internet. 

     

    rgds.  

     

     

     



  • 5.  RE: SSG140 SNMP over Internet

     
    Posted 11-19-2016 20:51

    Hi,

     

    Generally you get this event log when  IP address of the SNMP server not being configured in the device configuration.

    Please refer this KB article:

     

    https://kb.juniper.net/InfoCenter/index?page=content&id=KB26262&actp=search

     

    As you are trying to poll via the internet, it would be coming from NAT IP address. So, hope you have configured the NAT IP address in the community configuration.

     

    Even after this you are facing the same issue then I would suggest you to log a case with us (JTAC) we will troubleshoot this issue further.

     

    Regards,

    Rishi



  • 6.  RE: SSG140 SNMP over Internet

    Posted 11-20-2016 02:54

    There are two changes you need to make in your configuration for this public interface to allow SNMP from your Solarwinds sever.

     

    1-community - Add Solarwinds NAT ip address

    Configuration > Report Settings > SNMP

    Create or edit your community name aaa

     

    2-allow snmp on interface connected to the internet that you are polling

     

    Network > Interfaces > List

     

    edit the interface that the SNMP request will come in on

    Check that SNMP is allowed on this interface



  • 7.  RE: SSG140 SNMP over Internet
    Best Answer

    Posted 12-07-2016 00:08

    HI,

     

    Found the solution.

    Actually the firewall detects WAN ip not NAT ip, so what i did was configure the host ip with WAN ip. 

    Thanks for the help, really appreciate it.

     

    rgds.