We are currently using sensor (5.2.0.4). We have configured syslog to server 1 through port 514 and SNMP to server 2 through ports 161 and 162. While capturing the firewall traffic, we are able to see traffic generated from the sensors to server 2 (SNMP, which should be ports 161 and 162) through port 514. This traffic gets dropped because there is no firewall rule open for port 514 to the SNMP server. But we need to fix this issue.
Steps performed as part of troubleshooting:
1. Verified that the IP of the syslog and SNMP server in the alert settings in the Defense Center is correct.
2. Verified that the IP in \etc\sf\audit_log.conf on the sensor command line is correct.
3. Verified inside the policy rules settings also.