Monitoring; Snmp Monitoring - D-Link NetDefend DFL-210 User Manual
Network security firewall
Hide thumbs
Also See for NetDefend DFL-210:
- User manual (495 pages) ,
- Log reference manual (476 pages) ,
- Cli reference manual (213 pages)
Table of Contents
Advertisement
2.4. Monitoring
2.4. Monitoring
2.4.1. SNMP Monitoring
Overview
Simple Network Management Protocol (SNMP) is a standardized protocol for management of
network devices. An SNMP compliant client can connect to a network device which supports the
SNMP protocol to query and control it.
NetDefendOS supports SNMP version 1 and version 2. Connection can be made by any SNMP
compliant clients to devices running NetDefendOS. however only query operations are permitted for
security reasons. Specifically, NetDefendOS supports the following SNMP request operations by a
client:
•
The GET REQUEST operation
•
The GET NEXT REQUEST operation
•
The GET BULK REQUEST operation (SNMP Version 2c only)
The NetDefendOS MIB
The Management Information Base (MIB) is a database, usually in the form of a file, which defines
the parameters on a network device that an SNMP client can query or change. The MIB file for a
device running NetDefendOS is distributed with the standard NetDefendOS distribution pack as a
file with the name DFLNNN-TRAP.MIB (where NNN indicates the model number of the firewall)
and this should be transferred to the hard disk of the workstation that will run the SNMP client so it
can be imported by the client software. When the client runs, the MIB file is accessed to inform the
client of the values that can be queried on a NetDefendOS device.
Defining SNMP Access
SNMP access is defined through the definition of a NetDefendOS Remote object with a Mode of
SNMP. The Remote object requires the entry of:
•
Interface - The NetDefendOS interface on which SNMP requests will arrive.
•
Network - The IP address or network from which SNMP requests will come.
•
Community - The community string which provides password security for the accesses.
The Community String
Security for SNMP Versions 1 and 2c is handled by the Community String which is the same as a
password for SNMP access. The Community String should be difficult to guess and therefore be
constructed in the same way that any other password, using combinations of upper and lower case
letters with digits.
Enabling an IP Rule for SNMP
The advanced setting SNMPBeforeRules in the RemoteAdmin section controls if the IP rule set
checks all accesses by SNMP clients. This is by default disabled and the recommendation is to
always enable this setting.
The effect of enabling this setting is to add an invisible Allow rule at the top of the IP rule set which
automatically permits accesses on port 161 from the network and on the interface specified for
Chapter 2. Management and Maintenance
43
Advertisement
Table of Contents
