This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

SNMP is not working on UTM 9

He utilize Cacti server for network bandwidth monitoring and packet loss so we can have historical information for our clients. Please hella good when dealing with ISPs and packet loss. :)

We come from a Mikrotik world but one of our clients use a SG135 box. We want to set up the same SNMP monitoring but I for the life of me cannot get it to work. I have enabled the SNMP Query under Management > SNMP. I have tried both v2c and v3 set my allowed networks, and so on. From the Cacti side, all I get is "SNMP error". I have done a tcpdump on the Sophos box and do not see anything coming from my public IP on 161 or anything for that matter. I have gone as far as creating a firewall entry that has source as cacti, service SNMP, and the destination: External (WAN).

I also see that nmap shows 161 as "filtered" from my office as well as well as from the cacti server.

Has anyone heard of or seen this before and can help me out?

This thread was automatically locked due to age.

Top Replies

Megachip over 4 years ago in reply to Megachip +1

Finally found the issue. There was a Site-to-Site VPN configured wrongly on the remote site which creates a back route for the server network through the VPN. The response packages never find their way…

Parents

0 JosefBergmann over 4 years ago

Hi Joshua,

I had Cacti with a few Sophos SG Boxes running.

On the SG you only need to setup Management -> SNMP (try first with SNMP v2c) with the IP of the Cacti host covered by a entry in "Allowed Networks". There is no need for any additional firewall rules.

In Cacti add the device with the host template "und/net SNMP Host" (Version 2, Port 161).

If you don't see coming anything from you public IP when sniffing with tcpdump on the Sophos box, then there must be a problem anywhere between your cacti box and the SG. Hint, some providers filter SNMP (UDP/161) in there customers networks.

bye Josef

BERGMANN engineering & consulting GmbH, Wien/Austria
Cancel
Vote Up 0 Vote Down

Cancel

Reply

0 JosefBergmann over 4 years ago

Hi Joshua,

I had Cacti with a few Sophos SG Boxes running.

On the SG you only need to setup Management -> SNMP (try first with SNMP v2c) with the IP of the Cacti host covered by a entry in "Allowed Networks". There is no need for any additional firewall rules.

In Cacti add the device with the host template "und/net SNMP Host" (Version 2, Port 161).

If you don't see coming anything from you public IP when sniffing with tcpdump on the Sophos box, then there must be a problem anywhere between your cacti box and the SG. Hint, some providers filter SNMP (UDP/161) in there customers networks.

bye Josef

BERGMANN engineering & consulting GmbH, Wien/Austria
Cancel
Vote Up 0 Vote Down

Cancel

Children

No Data