SRX

last person joined: yesterday 

Ask questions and share experiences about the SRX Series, vSRX, and cSRX.

  • 1.  Unable to get SNMP working remotley

    Posted 02-01-2018 06:55

    Hi All

     

    I'm having getting SNMP data from remote servers to my SRX 1500. Locally on the decive snmpwalk works fine. Below are the 2 config settings I have inplace.  On the remote servers its timing out. The server I'm coming from also have a access rule policy allowing it into the firewall. I'm stuck on how to troubleshoot this further.

     

    firewall {
    filter protect-re {
		term snmp {
            from {
                prefix-list {
                    snmp-hosts;
                }
                port snmp;
				protocol udp;
				}
            then {
                accept;
            }
        }
        term accept-all {
            then accept;
        }
    }
}
    snmp {
    community public4ASD21 {
        authorization read-only;
        clients {
			63.17.248.2/32;
                        44.240.68.11/32;
			172.40.0.181/32;
			172.40.0.161/32;
        }
    }
    trap-group snmp-trap-group1 {
        version v2;
        categories {
            authentication;
            chassis;
            link;
            remote-operations;
            routing;
            startup;
            rmon-alarm;
            configuration;
            services;
            chassis-cluster;
        }
        targets {
            44.240.68.11;
	    172.40.0.181;
	    172.40.0.161;
        }
    }
}

    #SNMP


  • 2.  RE: Unable to get SNMP working remotley

     
    Posted 02-01-2018 08:21

    Hi

    Could you check if you have reachability from your NMS/Server to this device? Check if the NMS is able discover this node?

    If yes, enable SNMP traceoptions and try to fetch data from the server & then see what clue does the traceoption debug log gives you.

     

    set snmp traceoptions file snmpd.log
    set snmp traceoptions file size 100m
    set snmp traceoptions file files 5
    set snmp traceoptions flag all

     

     



  • 3.  RE: Unable to get SNMP working remotley
    Best Answer

    Posted 02-02-2018 03:00

    Assuming the SRX is in flow mode, you also need to make sure the interface that your snmp poller hits for the requests is in a zone that allows snmp in the zone settings

     

    security zones security-zone ZONENAME host-inbound-traffic system-services snmp

     

    On the routing side, make sure the return routes to the snmp pollers are going out the SRX in the desired direction. 

    And you might need to explicitly set the source interface for the traffic if it is not working to make sure it is using the desired one.

     

    snmp interface

    snmp trap-options source-address

     



  • 4.  RE: Unable to get SNMP working remotley

    Posted 02-02-2018 08:56

    The below was my issue!

     

    security zones security-zone ZONENAME host-inbound-traffic system-services snmp