Tavve zoneranger User Manual page 169

The ZoneRanger is only able to process an incoming SNMPv3 Inform if there is a configured
SNMPv3 user or the Inform is using noAuthNoPriv Security Level. When the ZoneRanger is
able to process an incoming SNMPv3 Inform, the ZoneRanger will convert the Inform to an
SNMPv3 Trap, forward the trap based on any configured forwarding rules, and respond to the
client that the Inform was received. ZoneRanger can forward SNMPv3 traps which use any
Security Level regardless of whether or not there is a configured SNMPv3 user.

The Require SNMPv3 users to be configured for notifications checkbox determines whether
or not an SNMPv3 user must be configured on the ZoneRanger in order to validate SNMPv3
traps and informs. If checked, when the ZoneRanger receives an SNMPv3 trap or inform, a valid
SNMPv3 user must be configured in order for ZoneRanger to process the notification. If no
valid SNMPv3 user is found, the trap or inform is discarded. If unchecked, when the
ZoneRanger receives an SNMPv3 trap or inform, it will attempt to validate the notification
using the configured SNMPv3 users. However, if no valid SNMPv3 user is found, the
ZoneRanger will still process the notification.

However, there are some limitations when SNMPv3 users are not configured for SNMPv3 traps
and informs:
1. The type of notification (trap or inform) cannot be determined for encrypted
   notifications.
2. Encrypted notifications will not match any trap filters using properties of the PDU with
   the exception of version.
3. The ZoneRanger will not return responses to the client when it receives an SNMPv3
   Inform.
4. Duplicate encrypted notifications will not be discarded on the Ranger Gateway.

Some users may prefer to use an external management application, such as CiscoWorks, to
manage SNMPv3 configuration for DMZ devices. In such cases, you can export the SNMPv3
configuration from the management application, convert the information to the Tavve-specified
XML format, and upload the resulting file to the ZoneRanger.

The uploaded configuration information updates existing target rules and users and adds new
target rules and users. An example (snmp-rules.xml) and the schema (snmp-rules.xsd) can
be found on the Ranger Gateway in the ZRCustom directory. Uploading a new SNMP rules
file adds new rules and modifies existing rules. The new file does not replace the previous set
of rules.

Configuring SNMP Manager information

The Configuration > SNMP page SNMP Manager tab displays a list of target rules that
contain parameters that ZoneRanger requires to obtain SNMP information from managed
devices.

ZoneRanger 5.5 User's Guide
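Limitations 1 and 2 in the list above follow from the SNMPv3 message layout (RFC 3412): msgVersion and msgFlags sit outside the encrypted part, while the PDU type tag sits inside it. The following Python is an added example, not taken from the Tavve manual or from ZoneRanger; the function names are hypothetical and both sample messages are constructed, with a stand-in byte string in place of real ciphertext.

```python
# Added example (not ZoneRanger code): what a receiver holding no USM key can
# read from an SNMPv3 message. Layout per RFC 3412; sample messages are constructed.
PDU_TYPES = {0xA6: "inform", 0xA7: "trap"}  # InformRequest-PDU, SNMPv2-Trap-PDU

def tlv(tag, value=b""):
    """Encode one BER TLV; short-form length only (enough for the samples)."""
    assert len(value) < 0x80
    return bytes([tag, len(value)]) + value

def read_tlv(buf, pos=0):
    """Decode one BER TLV at pos; return (tag, value, next_pos)."""
    tag, first = buf[pos], buf[pos + 1]
    pos += 2
    if first & 0x80:                       # long-form length
        k = first & 0x7F
        n = int.from_bytes(buf[pos:pos + k], "big")
        pos += k
    else:
        n = first
    if pos + n > len(buf):
        raise ValueError("truncated TLV")
    return tag, buf[pos:pos + n], pos + n

def inspect_v3(message):
    """Return the fields readable without decrypting msgData."""
    _, body, _ = read_tlv(message)         # outer SEQUENCE
    _, version, pos = read_tlv(body)       # msgVersion
    _, header, pos = read_tlv(body, pos)   # msgGlobalData
    p = 0
    for _ in range(2):                     # skip msgID and msgMaxSize
        _, _, p = read_tlv(header, p)
    _, flags, _ = read_tlv(header, p)      # msgFlags: 0x01 auth, 0x02 priv
    _, _, pos = read_tlv(body, pos)        # msgSecurityParameters (not parsed)
    tag, data, _ = read_tlv(body, pos)     # msgData
    info = {"version": int.from_bytes(version, "big"),
            "encrypted": bool(flags[0] & 0x02), "type": None}
    if tag == 0x30:                        # plaintext ScopedPDU
        _, _, p = read_tlv(data)           # contextEngineID
        _, _, p = read_tlv(data, p)        # contextName
        info["type"] = PDU_TYPES.get(read_tlv(data, p)[0], "other")
    return info                            # tag 0x04 = encryptedPDU: type unknown

def build_v3(flags, msg_data):
    """Build a constructed SNMPv3 message around the given msgData TLV."""
    header = tlv(0x30, tlv(0x02, b"\x01") + tlv(0x02, b"\x05\xdc")
                 + tlv(0x04, bytes([flags])) + tlv(0x02, b"\x03"))
    return tlv(0x30, tlv(0x02, b"\x03") + header + tlv(0x04) + msg_data)

SCOPED = tlv(0x30, tlv(0x04, b"\x80\x00\x00\x01") + tlv(0x04) + tlv(0xA6))
PLAIN_INFORM = build_v3(0x04, SCOPED)                    # noAuthNoPriv, reportable
ENCRYPTED = build_v3(0x07, tlv(0x04, bytes(range(32))))  # authPriv, stand-in ciphertext
```

Calling inspect_v3 on PLAIN_INFORM yields the type "inform", while on ENCRYPTED only the version (3) and the encrypted flag are recoverable and the type stays None.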
