ScreenOS Firewalls (NOT SRX)
Reply
Visitor
vyaaghrah
Posts: 3
Registered: ‎05-06-2008
0
Accepted Solution

Upgrading SSG 550M to SNMPv3

Hi All

 

Need to upgrade the SSG 550M current ver 5.4.0r6.0.  to upgrade to version which supports SNMPv3. Kindlly suggest which version supports the same.

Also i was going through the upgrade procedure have one more query regarding it the upgrade path suggest 5.4.0rx ----> 6.1.0rx.

Does this require any specific version from 5.4 rel before i upgrade to 6.1.

 

Kindly suggest.

abhi

Trusted Expert
AndyC
Posts: 441
Registered: ‎07-08-2008
0

Re: Upgrading SSG 550M to SNMPv3

Hi,

 

No current version of ScreenOS supports SNMP v3 there is only support for v1 & v2c. I have no idea if it will be supported in the future or not.

 

Have a look at the following guide for the recommended upgrade path.

 

http://www.juniper.net/techpubs/software/screenos/screenos6.1.0/upgrade_guide.pdf

 

Regards

 

Andy

JNCIS-FWV
JNCIA-WX
JNCIA-SSL
JNCIA-ER
Visitor
Sohail
Posts: 6
Registered: ‎03-08-2008
0

Re: Upgrading SSG 550M to SNMPv3

Dear friend

 

please note 6.3 support SNMP V3.

 

 

Waseem.ahsan@gmail.com

Contributor
Farhan Ali
Posts: 11
Registered: ‎09-23-2011
0

Re: Upgrading SSG 550M to SNMPv3

Hi Guys,

 

I am just pasting an example configuration for you guys. May be it helps

 

Example: Configuring an SNMPv3 packet

In this example, you (as the root admin) configure an SNMPv3 packet.

WebUI

1. Engine-ID

NOTE: Local engine ID configuration is optional. A local-engine ID is to identify an

SNMP entity. By default, the serial number of the device is assigned as the value of

the local engine ID.

Configuration > Report Settings > SNMPv3: Enter the following settings, then

click Apply:

Local-engine id: netscreen

2. USM User

Configuration > Report Settings > SNMPv3 > USM User > New User: Enter

the following settings, then click OK:

User Name: netscreen

Authentication Type: (select)

Authentication Password: netscreen

Privacy Protocol: (select)

Privacy Password: netscreen

3. View

Configuration > Report Settings > SNMPv3 > VACM > New View: Enter the

following settings, then click OK:

View Name: test-view

Configuration > Report Settings > SNMPv3 >VACM > View Databse Edit:

Enter the following settings, then click Add:

Subtree OID: .1

404 ■ Simple Network Management Protocol

Concepts & Examples ScreenOS Reference Guide

Subtree Mask: FF

Type: (select)

4. Access Group

Configuration > Report Settings > SNMPv3 >VACM > New Access Group:

Enter the following settings, then click OK:

Group Name: test-grp

Security Model: (select)

Security Level: (select)

Read View: (select)

Write View: (select)

Notification View: (select)

5. Group Mapping

Configuration > Report Settings > SNMPv3 > VACM > New Sec-to-group

Mapping: Enter the following settings, then click OK:

Security Model: (select)

User Name: (select)

Community: (read only)

Group Name: (select)

6. Community

NOTE: The community name must be unique.

Configuration > Report Settings > SNMPv3 > Community > New Community:

Enter the following settings, then click OK:

Community Name: public

Tag: public

7. Trap

Configuration > Report Settings > SNMPv3 >Trap > New Filter: Enter the

following settings, then click OK:

Filter Name: test-filter

Configuration > Report Settings > SNMPv3 > Trap > Filter Database Edit:

Enter the following settings, then click Add:

Subtree OID: .1

Subtree Mask: FF

Type: (select)

8. Target Parameter

Configuration > Report Settings > SNMPv3 > Trap > New Target Parameter:

Enter the following settings, then click OK:

Simple Network Management Protocol ■ 405

Chapter 11: Monitoring Security Devices

Target Parameter Name: test-param

Filter Name: (select)

Security Model: (select)

Security Level: (select)

User Name: (select)

9. Target Address

Configuration > Report Settings > SNMPv3 > Trap > New Target Address:

Enter the following settings, then click OK:

Target Name: test-target

Target IPv4 Address/Netmask: 192.168.1.1/32

Trap Port: 162

Target Parameter: (select)

Taglist: (select)

CLI

1. Engine ID

set snmpv3 local-engine id netscreen

2. USM User

set snmpv3 user netscreen auth md5 auth-pass netscreen priv des priv-pass

netscreen

3. View

set snmpv3 view name test-view

set snmpv3 view test-view oid .1 mask FF type include

4. Access Group

set snmpv3 access group test-grp sec-model usm sec-level priv read test-view

5. Group Mapping

set snmpv3 group-mapping sec-model usm user netscreen group test-grp

6. Community

set snmpv3 community public tag public

7. Trap

set snmpv3 filter name test-filter

set snmpv3 filter test-filter oid .1 mask FF type include

8. Target Parameter

set snmpv3 target-param test-param filter test-filter sec-model usm sec-level priv

user netscreen

406 ■ Simple Network Management Protocol

Concepts & Examples ScreenOS Reference Guide

9. Target Address

set snmpv3 target test-target address 192.168.1.1/32 port 162 target-param

test-param



 

Thanks

farhan

Distinguished Expert
echidov
Posts: 858
Registered: ‎11-02-2009
0

Re: Upgrading SSG 550M to SNMPv3

Hi,

 

You should upgrade the boot loader to release 1.0.7 first. The minimal 5.4-th ScreenOS release for a direct jump to the 6.3 is 5.4r8.

Kind regards,
Edouard
Copyright© 1999-2013 Juniper Networks, Inc. All rights reserved.