
SNMP is not working on UTM 9

We utilize a Cacti server for network bandwidth monitoring and packet loss so we can have historical information for our clients. It's hella good when dealing with ISPs and packet loss. :)

We come from a Mikrotik world but one of our clients uses an SG135 box. We want to set up the same SNMP monitoring but I for the life of me cannot get it to work. I have enabled the SNMP Query under Management > SNMP. I have tried both v2c and v3, set my allowed networks, and so on. From the Cacti side, all I get is "SNMP error". I have done a tcpdump on the Sophos box and do not see anything coming from my public IP on 161 or anything for that matter. I have gone as far as creating a firewall entry that has source as cacti, service SNMP, and the destination: External (WAN).

I also see that nmap shows 161 as "filtered" from my office as well as from the cacti server.

Has anyone heard of or seen this before and can help me out? 
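To separate the three things that Cacti lumps together as "SNMP error" (a query that is answered, an SNMP-level error such as a rejected community string, and no datagram coming back at all, which is what nmap reports as "filtered"), here is a dependency-free SNMPv2c GET probe. It is an added example written for this thread, not code from the poster, Sophos or Cacti; the target address, community string and the sample reply in the comments are placeholders or constructed values, and the socket-level outcome names are my own.

```python
"""Minimal SNMPv2c GET probe with hand-rolled BER encoding (constructed example)."""
import socket

SYS_DESCR_OID = "1.3.6.1.2.1.1.1.0"  # sysDescr.0, the usual first sanity-check object


def _ber_length(n: int) -> bytes:
    """BER length octets: short form below 128, long form otherwise."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body


def _tlv(tag: int, body: bytes) -> bytes:
    return bytes([tag]) + _ber_length(len(body)) + body


def _ber_int(value: int) -> bytes:
    """INTEGER (tag 0x02) in minimal two's-complement form."""
    size = max(1, (value.bit_length() + 8) // 8)
    return _tlv(0x02, value.to_bytes(size, "big", signed=True))


def _ber_oid(dotted: str) -> bytes:
    """OBJECT IDENTIFIER (tag 0x06): first two arcs share one octet, rest are base-128."""
    arcs = [int(a) for a in dotted.split(".")]
    out = bytearray([40 * arcs[0] + arcs[1]])
    for arc in arcs[2:]:
        chunk = [arc & 0x7F]
        arc >>= 7
        while arc:
            chunk.append(0x80 | (arc & 0x7F))
            arc >>= 7
        out.extend(reversed(chunk))
    return _tlv(0x06, bytes(out))


def build_get_request(community: str, oid: str = SYS_DESCR_OID, request_id: int = 1) -> bytes:
    """SNMPv2c GetRequest for one OID (version field 1 means v2c)."""
    varbind = _tlv(0x30, _ber_oid(oid) + b"\x05\x00")  # OID + NULL placeholder value
    pdu = _tlv(0xA0, _ber_int(request_id) + _ber_int(0) + _ber_int(0) + _tlv(0x30, varbind))
    return _tlv(0x30, _ber_int(1) + _tlv(0x04, community.encode()) + pdu)


def _read_tlv(buf: bytes, pos: int = 0):
    """Return (tag, body, next_pos) for the TLV starting at pos."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    return tag, buf[pos:pos + length], pos + length


def parse_get_response(packet: bytes) -> dict:
    """Pull request-id, error-status, community and the first varbind value out of a GetResponse."""
    tag, msg, _ = _read_tlv(packet)
    if tag != 0x30:
        raise ValueError("not an SNMP message")
    _, _version, pos = _read_tlv(msg)
    _, community, pos = _read_tlv(msg, pos)
    pdu_tag, pdu, _ = _read_tlv(msg, pos)
    if pdu_tag != 0xA2:  # GetResponse-PDU
        raise ValueError(f"unexpected PDU tag 0x{pdu_tag:02x}")
    _, rid, pos = _read_tlv(pdu)
    _, err, pos = _read_tlv(pdu, pos)
    _, _index, pos = _read_tlv(pdu, pos)
    _, varbinds, _ = _read_tlv(pdu, pos)
    _, first, _ = _read_tlv(varbinds)
    _, _oid, pos = _read_tlv(first)
    vtag, value, _ = _read_tlv(first, pos)
    return {
        "request_id": int.from_bytes(rid, "big", signed=True),
        "error_status": int.from_bytes(err, "big", signed=True),
        "community": community.decode(errors="replace"),
        "value": value.decode(errors="replace") if vtag == 0x04 else value.hex(),
    }


def probe(host: str, community: str, timeout: float = 3.0, port: int = 161) -> dict:
    """Send one GET and classify the outcome (outcome names are this example's own)."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    sock.settimeout(timeout)
    try:
        sock.sendto(build_get_request(community), (host, port))
        data, _ = sock.recvfrom(4096)
    except socket.timeout:
        # Nothing came back: silently dropped upstream, not in allowed networks, or not bound on that NIC.
        return {"outcome": "no-response"}
    except OSError as exc:
        # ICMP port unreachable surfaces here: the host was reached but nothing listens on the port.
        return {"outcome": "unreachable", "detail": str(exc)}
    finally:
        sock.close()
    reply = parse_get_response(data)
    reply["outcome"] = "answered" if reply["error_status"] == 0 else "snmp-error"
    return reply


if __name__ == "__main__":
    import sys
    target = sys.argv[1] if len(sys.argv) > 1 else "192.0.2.1"  # TEST-NET placeholder, not a real box
    print(probe(target, sys.argv[2] if len(sys.argv) > 2 else "public"))
```

Run it from the monitoring host while `tcpdump -ni <wan-interface> udp port 161` runs on the UTM. A "no-response" outcome with nothing in the capture means the datagram is lost before the UTM (upstream filtering, or you are capturing on the wrong NIC); the request visible in the capture with no reply points at the allowed-networks setting or the firewall on the box itself; "snmp-error" or an "answered" reply means transport is fine and only the community or OID side needs attention.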



  • I am connecting from the WAN side. 

  • OK, I haven't done this myself. I'm not sure if you could open a security risk if you open SNMP to WAN.

    But technically it should be possible. Does the result of the test with PortQry change if you add your WAN network to the allowed networks under SNMP? If not, maybe adding a firewall rule is necessary. 

    Best 

    Alex

    P.S. No IPSEC VPN Tunnel for that?


  • I have tried to add the External WAN to the allowed networks field with no result or change in behavior. The current allowed network I have listed in the allowed networks is the public IP address of our network monitor. 

    The hosts/networks in the previous screenshots were for testing. Ideally, we will only have the one labeled Skyhawk Netman as an allowed network.

    To define what each is:

    Skyhawk Netman - External to network, bandwidth monitoring server

    Skyhawk - Dude - External to network, PING monitor (Used for up/down alerts for non-Mikrotik devices.)

    Skyhawk Office - External to network, ONLY for testing from my physical location.

    FPCBR01 - Internal to network, internal server. Used to do some testing for our RMM tool. 


    To address the lack of VPN concern:

    Our thought process on why an IPSEC tunnel is not necessary at this time is that we are only allowing the IP from our network monitor, also using a non-typical community string, and we are not interested in writing to the box, just querying interface statistics. It would be a completely different story if any one of those three reasons changes. As our needs evolve (or if it is required to expose the box to more than just our monitoring IP) we will certainly look at something.

  • I'm having to work too hard to review the entire thread, Joshua.  Please copy snips of your 'Query' and 'Traps' tabs into a single post (not Imgur) and tell us from which Network/Host you're querying.  Rather than trying to give us the whole picture, let's just focus on one proof point.

    Also, it doesn't make sense that you can see the packets leaving your querying device but not arriving at the UTM.  Are you sure you were listening on the correct NIC?  Is there anything in between the two devices that might block your traffic?

    Cheers - Bob

    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA