05-27-2022 02:39 AM
Hi,
I would like to ask about the SNMP allow rule in ASA. Let's say our network is like below.
App Server--->switch-->ASA--->SNMP server
I configured SNMP on the server and switch to send logs to the SNMP server.
I want to know if a one-direction rule is enough: traffic source = App server/switch and destination = SNMP server.
Do I need to add a rule allowing the SNMP server to the App server/switch also?
05-27-2022 02:51 AM - edited 05-27-2022 06:00 AM
@MrBeginner if the SNMP server is on an interface with a lower security level, and the connection is initiated from the lower security level interface, then you need to explicitly permit the SNMP traffic.
11-22-2022 11:15 PM
Hi @Rob Ingram
So is it enough if we only enable one-way traffic (port 162) from the device to the SNMP server?
11-23-2022 12:04 AM
@MrBeginner it depends on the security level or whether you've configured an ACL.
SNMP traps (udp/162) are sent from the device (switch/router) to the SNMP server.
SNMP queries (udp/161) are sent from the SNMP server to the device (switch/router).
So you only need to permit as above; the ASA is stateful and will permit the return traffic.
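As an added example (not part of the original thread or either poster's configuration), the two flows described in the answer above could be permitted on the ASA as follows. The interface names, ACL names, object-group name and IP addresses are assumptions constructed for illustration, and no NAT is assumed between the interfaces.

```cisco
! Assumed topology (constructed values):
!   inside  (security-level 100): switch 10.1.1.2, app server 10.1.1.10
!   outside (security-level 0)  : SNMP server 192.0.2.50
object-group network SNMP_AGENTS
 network-object host 10.1.1.2
 network-object host 10.1.1.10
!
! Traps: agents -> SNMP server, udp/162.
! Only needed as an explicit rule if an ACL is applied on the inside
! interface; once one is applied, its implicit deny blocks anything
! it does not permit.
access-list INSIDE_IN extended permit udp object-group SNMP_AGENTS host 192.0.2.50 eq 162
!
! Queries (polling): SNMP server -> agents, udp/161.
! Initiated from the lower security level interface, so it must be
! permitted explicitly. Replies from the agents are return traffic of
! the same connection and need no rule of their own.
access-list OUTSIDE_IN extended permit udp host 192.0.2.50 object-group SNMP_AGENTS eq 161
!
access-group INSIDE_IN in interface inside
access-group OUTSIDE_IN in interface outside
```

Scoping both rules to the specific agent and server addresses, rather than `any`, keeps SNMP reachable only between the hosts that need it.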
11-25-2022 06:30 PM
Hi @Rob Ingram,
If I only want to monitor my network device status (CPU, memory, interface up/down), is 162 to the SNMP server enough?