Contents

Related Topics

Enable SNMP Management Stations and Traps

An SNMP trap is an event notification your Firebox sends to an SNMP management station. The trap identifies when a specific condition occurs, such as a value that is more than its predefined threshold. Your device can send a trap for any policy.

An SNMP inform request is similar to a trap, but the receiver sends a response. If your device does not get a response, it sends the inform request again until the SNMP manager sends a response. A trap is sent only once, and the receiver does not send any acknowledgment when it gets the trap.

An inform request is more reliable than a trap because your Firebox knows whether the inform request was received. However, inform requests consume more resources. They are held in memory until the sender gets a response. If an inform request must be sent more than once, the retries increase traffic. Because each sent receipt increases the amount of memory in use on the router and the amount of network traffic, we recommend that you consider whether it is necessary to send a receipt for every SNMP notification.

To enable SNMP inform requests, you must use SNMPv2 or SNMPv3. SNMPv1 supports only traps, not inform requests.

Configure SNMP Management Stations

To configure SNMP management stations, from Fireware Web UI:

  1. Select System > SNMP.
    The SNMP page appears.

Screen shot of the SNMP Settings page

  1. From the SNMP Traps drop-down list, select a trap or inform.
    SNMPv1 supports only traps, not inform requests.
  2. In the SNMP Management Stations text box, type the IP address of your SNMP server. Click Add.
    The IP address appears in the SNMP Management Stations list.
  3. To remove a server from the list, select the entry and click Remove.
  4. Click Save.

To configure SNMP management stations from Policy Manager:

  1. Select Setup > SNMP.
    The SNMP Settings window appears.

Screen shot of the SNMP Settings dialog box

  1. From the SNMP Traps drop-down list, select a trap or inform.
    SNMPv1 supports only traps, not inform requests.
  2. In the SNMP Management Stations text box, type the IP address of your SNMP management station. Click Add.
    The IP address appears in the SNMP Management Stations list.
  3. (Optional) To add more SNMP management stations, repeat Steps 2–3 .
  4. Click OK.

Add an SNMP Policy

To enable your Firebox to receive SNMP polls, you must also add an SNMP policy. 

To add an SNMP policy, from Fireware Web UI:

  1. Select Firewall > Firewall Policies.
  2. Click Add Policy.
  3. From the Packet Filters drop-down list, select SNMP. Click Add Policy.
    The Policy Configuration page appears.
  4. In the Name text box, type a name for the policy.
  5. Select the Enable check box.
  6. In the From section, click Add.
    The Add Member dialog box appears.
  7. From the Member type drop-down list, select Host IP.
  8. In the text box, type the IP address of your SNMP server. Click OK.
  9. From the From list, select Any-Trusted. Click Remove.
  10. In the To section, click Add.
    The Add Member dialog box appears.
  11. From the drop-down list, select Firebox. Click OK.
  12. From the To list, select Any-External. Click Remove.
  13. Click Save.

To add an SNMP policy, from Policy Manager:

  1. Click Policy Manager Add Policy button.
    Or, select Edit > Add Policy.
    The Add Policies dialog box appears.
  2. Expand the Packet Filters list and select SNMP. Click Add.
    The New Policy Properties dialog box appears.
  3. In the From section, click Add.
    The Add Address dialog box appears.
  4. Click Add Other.
    The Add Member dialog box appears.
  5. From the Choose Type drop-down list, select Host IP.
  6. In the Value text box, type the IP address of your SNMP server computer.
  7. Click OK to close the Add Member dialog box.
  8. Click OK to close theAdd Address dialog box.
    The Policy tab of the new policy appears.
  9. In the To section, click Add.
    The Add Address dialog box appears.
  10. In the Available Members list, select Firebox. Click Add.
  11. Click OK on each dialog box to close it. Click Close.
  12. Save the configuration.

Send an SNMP Trap for a Policy

Your Firebox can send an SNMP trap when traffic is filtered by a policy. You must have at least one SNMP management station configured to enable SNMP traps.

To configure a policy to send an SNMP trap, from Fireware Web UI:

  1. Select Firewall > Firewall Policies.
  2. Click a policy.
    Or, select a policy check box and from the Action drop-down list, select Edit Policy.
    The Policy Configuration page appears.
  3. Select the Settings tab.
  4. In the Logging section, select the Send SNMP Trap check box.
  5. Click Save.

To configure a policy to send an SNMP trap, from Policy Manager:

  1. Double-click a policy.
    In the Edit Policy Properties dialog box.
  2. Select the Properties tab.
  3. Click Logging.
    The Logging and Notification dialog box appears.
  4. Select the Send SNMP Trap check box.
  5. Click OK to close the Logging and Notification dialog box.
  6. Click OK to close the Edit Policy Properties dialog box.

See Also

About SNMP

About Management Information Bases (MIBs)

About SNMP Traps for Alarms

Enable SNMP Polling

Give Us Feedback     Get Support     All Product Documentation     Technical Search