Important note about SSL VPN compatibility for 20.0 MR1 with EoL SFOS versions and UTM9 OS. Learn more in the release notes.

This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

XG230: "snmpwalk" utility reaches the device via SNMP v2 but not via SNMP v3

i enabled SNMP v2 agent on Sophos XG230 and successfully tested it from a remote server:

snmpwalk -v2c -c mycstring 172.16.0.1 1.3.6.1.6.3.10.2.1.1.0
iso.3.6.1.6.3.10.2.1.1.0 = Hex-STRING: xxx

then i enabled SNMP v3 (authentication only, no encryption), but the test fails:

snmpwalk -v3 -u myuser -l authNoPriv -a SHA -A 'mypassphrase' 172.16.0.1 1.3.6.1.6.3.10.2.1.1.0
Timeout: No Response from 172.16.0.1

I doubleshecked that:

username is correct

authorized hosts IP address is correct

SHA256 passphrase is correct

"accept queries" and "send traps" are checked

What else should i doublecheck?



This thread was automatically locked due to age.
Parents
  • Hi  Thank you for reaching out to the community, based on the information shared I checked in the local LAB device to see how it goes and I got a clue.

    The difference in the non-working and working situations SNMPwalk command is the authentication algorithm argument.

    Please set SHA to SHA256 (as you have set auth with SHA256 as per given details) and re-run the snmpwalk and that should fix the time-out error for you.

    $ snmpwalk -v3 -u vishallabsnmp -l authNoPriv -a SHA -A XXXXXXXXX Y.Y.Y.Y 1.3.6.1.6.3.10.2.1.1.0
    Timeout: No Response from Y.Y.Y.Y

    $ snmpwalk -v3 -u vishallabsnmp -l authNoPriv -a SHA256  -A XXXXXXXXX Y.Y.Y.Y 1.3.6.1.6.3.10.2.1.1.0
    iso.3.6.1.6.3.10.2.1.1.0 = Hex-STRING: 80 00 1F 88 80 C7 1C 78 2A C0 4B F7 63

    Regards,

    Vishal Ranpariya
    Technical Account Manager | Sophos Technical Support

    Sophos Support Videos | Knowledge Base  |  @SophosSupport | Sign up for SMS Alerts |
    If a post solves your question use the 'Verify Answer' link.

Reply
  • Hi  Thank you for reaching out to the community, based on the information shared I checked in the local LAB device to see how it goes and I got a clue.

    The difference in the non-working and working situations SNMPwalk command is the authentication algorithm argument.

    Please set SHA to SHA256 (as you have set auth with SHA256 as per given details) and re-run the snmpwalk and that should fix the time-out error for you.

    $ snmpwalk -v3 -u vishallabsnmp -l authNoPriv -a SHA -A XXXXXXXXX Y.Y.Y.Y 1.3.6.1.6.3.10.2.1.1.0
    Timeout: No Response from Y.Y.Y.Y

    $ snmpwalk -v3 -u vishallabsnmp -l authNoPriv -a SHA256  -A XXXXXXXXX Y.Y.Y.Y 1.3.6.1.6.3.10.2.1.1.0
    iso.3.6.1.6.3.10.2.1.1.0 = Hex-STRING: 80 00 1F 88 80 C7 1C 78 2A C0 4B F7 63

    Regards,

    Vishal Ranpariya
    Technical Account Manager | Sophos Technical Support

    Sophos Support Videos | Knowledge Base  |  @SophosSupport | Sign up for SMS Alerts |
    If a post solves your question use the 'Verify Answer' link.

Children
No Data