Important note about SSL VPN compatibility for 20.0 MR1 with EoL SFOS versions and UTM9 OS. Learn more in the release notes.

Thread Info
  • State Verified Answer
  • Locked Locked
  • Replies 1 reply
  • Subscribers 40 subscribers
  • Views 2961 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

XG230: "snmpwalk" utility reaches the device via SNMP v2 but not via SNMP v3

Tomas Z

i enabled SNMP v2 agent on Sophos XG230 and successfully tested it from a remote server:

snmpwalk -v2c -c mycstring 172.16.0.1 1.3.6.1.6.3.10.2.1.1.0
iso.3.6.1.6.3.10.2.1.1.0 = Hex-STRING: xxx

then i enabled SNMP v3 (authentication only, no encryption), but the test fails:

snmpwalk -v3 -u myuser -l authNoPriv -a SHA -A 'mypassphrase' 172.16.0.1 1.3.6.1.6.3.10.2.1.1.0
Timeout: No Response from 172.16.0.1

I doubleshecked that:

username is correct

authorized hosts IP address is correct

SHA256 passphrase is correct

"accept queries" and "send traps" are checked

What else should i doublecheck?



This thread was automatically locked due to age.
Parents
  • +1

    Hi  Thank you for reaching out to the community, based on the information shared I checked in the local LAB device to see how it goes and I got a clue.

    The difference in the non-working and working situations SNMPwalk command is the authentication algorithm argument.

    Please set SHA to SHA256 (as you have set auth with SHA256 as per given details) and re-run the snmpwalk and that should fix the time-out error for you.

    $ snmpwalk -v3 -u vishallabsnmp -l authNoPriv -a SHA -A XXXXXXXXX Y.Y.Y.Y 1.3.6.1.6.3.10.2.1.1.0
    Timeout: No Response from Y.Y.Y.Y

    $ snmpwalk -v3 -u vishallabsnmp -l authNoPriv -a SHA256  -A XXXXXXXXX Y.Y.Y.Y 1.3.6.1.6.3.10.2.1.1.0
    iso.3.6.1.6.3.10.2.1.1.0 = Hex-STRING: 80 00 1F 88 80 C7 1C 78 2A C0 4B F7 63

    Regards,

    Vishal Ranpariya
    Technical Account Manager | Sophos Technical Support
    Sophos Support Videos | Knowledge Base  |  @SophosSupport | Sign up for SMS Alerts |
    If a post solves your question use the 'Verify Answer' link.

Reply
  • +1

    Hi  Thank you for reaching out to the community, based on the information shared I checked in the local LAB device to see how it goes and I got a clue.

    The difference in the non-working and working situations SNMPwalk command is the authentication algorithm argument.

    Please set SHA to SHA256 (as you have set auth with SHA256 as per given details) and re-run the snmpwalk and that should fix the time-out error for you.

    $ snmpwalk -v3 -u vishallabsnmp -l authNoPriv -a SHA -A XXXXXXXXX Y.Y.Y.Y 1.3.6.1.6.3.10.2.1.1.0
    Timeout: No Response from Y.Y.Y.Y

    $ snmpwalk -v3 -u vishallabsnmp -l authNoPriv -a SHA256  -A XXXXXXXXX Y.Y.Y.Y 1.3.6.1.6.3.10.2.1.1.0
    iso.3.6.1.6.3.10.2.1.1.0 = Hex-STRING: 80 00 1F 88 80 C7 1C 78 2A C0 4B F7 63

    Regards,

    Vishal Ranpariya
    Technical Account Manager | Sophos Technical Support
    Sophos Support Videos | Knowledge Base  |  @SophosSupport | Sign up for SMS Alerts |
    If a post solves your question use the 'Verify Answer' link.

Children
No Data
Unfiltered HTML