Sophos Switch - SNMP v3

I can't find a single how-to or example for setting up SNMPv3.  Does someone have a working example?

I am trying to get SNMP V3 on Sophos CS110-48FP to communicate with a Domotz agent (SNMP polling).

Does the switch have any logs which show relevant SNMP logs, why it won't "talk"?  I don't see any on syslog or local.

SOPHOS, where is the SNMP V3 how-to?  -- Features pertaining to security should be completely documented to show BEST PRACTICE.

It seems that Sophos created a switch and integrated it into Central, which is a good thing for the Sophos ecosystem, but has put MINIMAL EFFORT into creating documentation which should provide clear examples of features.

Previously, I called into support for help, and Sophos Switch is NOT on the support menu.  Sophos customer support said that it is not on the menu because there are not many engineers trained to support the product.  I was put through to a FW tech.  - This must be fixed, if Sophos expects customers to purchase additional!

I think the hardware is solid for the price point, and central management is coming along, showing potential.  I appreciate the GUI and realize that this should make it easier for those unfamiliar with Sophos CLI.  No good examples for CLI.  I.e., the CLI manual shows command syntax, but does nothing to put the pieces together.  FRUSTRATING.



Added TAGs
[edited by: Erick Jan at 6:00 AM (GMT -8) on 11 Jan 2024]
  • I'm using SolarWinds Real Time Bandwidth Monitor (free) as a tool for getting V3 figured out.  V2 works with this tool, with default community NETMAN.

    For V3, a User must be created with credentials for Privilege mode, Auth, and Encryption.

    Do we need a Community name specified for V3?  I don't think so, not sure?

    How does Group List, Access, View work / function with V3?  Can Sophos please explain?

    So far, no luck with V3 auth, and I can't find any logging coming from the switch.  Is there a CLI command so that it will provide verbose output, like:

    "SNMP V3, auth fail 10.254.6.2 ........"

  • YES.

    So I've discovered that many SNMP monitoring tools leave MUCH to be desired, and I believe this is related to how they implement or fail to implement encryption protocols.  No matter what I have tried, Domotz has been a royal PIA, and doesn't want to read SNMP data from this switch.  Time to ditch it and move on.  SolarWinds Real Time Bandwidth Monitor will not play nice with V3 either.  (Deprecated).

    Good news: This tool is the Bomb-digity if you need to test SNMP: https://www.paessler.com/tools/snmptester (free)

    After trying a few iterations, I came to the realization that the BUILT-IN account noAuthUser works with SNMP V3, however there is no Authentication or Encryption working out of the box.

    SOPHOS should by default provide working examples using best-practice examples (Auth / Encryption).

    I used the noAuthUser as an example and created a new user, i.e. TestUser.

    Note:  Occasionally I tried deleting entries that I created with the GUI.  Sometimes I would get an error and the entry would not be removed.  I resorted to the CLI, Conf T, and inserted NO in front of the offending line of configuration (like Cisco IOS).

    I created corresponding entries in Group List, Access List and View List and successfully tested Auth and Encryption with SHA / AES.

    I didn't know I had to create entries in Group, Access, View; I am not an SNMP V3 guru.

    I will work on creating a Sophos SNMP V3 How-To with Paessler.

    Finding a reliable / affordable monitoring agent which works with Auth / Encryption is a whole different monkey......
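
Added example (not from the original posts and not Sophos code): a simplified Python model of the SNMPv3 view-based access control check defined in RFC 3415, showing why a V3 user also needs matching Group, Access and View entries, as the reply above found. The table contents and the names `TestGroup` and `TestView` are constructed sample values; context names and view masks are left out.

```python
# Simplified model of the SNMPv3 View-based Access Control Model (RFC 3415).
# All table contents are constructed sample data, not Sophos defaults.

LEVELS = {"noAuthNoPriv": 0, "authNoPriv": 1, "authPriv": 2}

# Group List: (security model, user name) -> group name
GROUPS = {("usm", "TestUser"): "TestGroup"}

# Access List: group -> minimum security level and the read view to apply
ACCESS = {"TestGroup": {"min_level": "authPriv", "read_view": "TestView"}}

# View List: view name -> [(OID subtree, included?)]
VIEWS = {"TestView": [("1.3.6.1.2.1", True),      # mib-2 included
                      ("1.3.6.1.2.1.4", False)]}  # ip subtree excluded


def oid(text):
    """Turn a dotted OID string into a tuple of integers."""
    return tuple(int(part) for part in text.split("."))


def in_view(view_name, target):
    """The longest matching subtree decides; no match means not in view."""
    best = None
    for subtree, included in VIEWS.get(view_name, []):
        prefix = oid(subtree)
        if oid(target)[:len(prefix)] == prefix:
            if best is None or len(prefix) > best[0]:
                best = (len(prefix), included)
    return bool(best and best[1])


def check_read(user, level, target):
    """Return the RFC 3415 isAccessAllowed status for a read request."""
    group = GROUPS.get(("usm", user))
    if group is None:
        return "noGroupName"      # user has no Group List entry
    entry = ACCESS.get(group)
    if entry is None or LEVELS[level] < LEVELS[entry["min_level"]]:
        return "noAccessEntry"    # no Access List row for this security level
    if not entry["read_view"]:
        return "noSuchView"       # Access List row names no read view
    if not in_view(entry["read_view"], target):
        return "notInView"        # OID is outside the view's subtrees
    return "accessAllowed"


if __name__ == "__main__":
    for args in [("TestUser", "authPriv", "1.3.6.1.2.1.1.1.0"),
                 ("TestUser", "authNoPriv", "1.3.6.1.2.1.1.1.0"),
                 ("OtherUser", "authPriv", "1.3.6.1.2.1.1.1.0")]:
        print(args, "->", check_read(*args))
```
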

  • My replies / posts keep getting blocked due to a pesky SPAM robot which believes relevant information is junk... ARGH!

    This article for a Cisco product was very helpful in understanding V3, and I was able to see CLI with examples and relate that to how to proceed with Sophos.  networkverge.com/configure-snmpv3-on-cisco-switch

    The Paessler SNMP tester (free) is an invaluable tool for getting real time troubleshooting data.
