SNMP alerts over VPN Managed Services Provider

JamesBonds
Level 1

I am setting up a monitoring server which will monitor SNMP alerts for a few different clients. I am a small IT Services company and wanted to learn the correct way to set this up and to ensure it's as secure as possible.

I was thinking of setting up a VPN between the client and my monitoring server, with a firewall on both sides blocking all ports except for SNMP port 161. To me this seems to be the right way to go about it, but I would like to know how managed services providers do it?

1 Accepted Solution


You will want to open UDP port 162 in the client --> server direction for SNMP traps for when something occurs on their devices. Additionally, if you want to monitor things like CPU or interface bandwidth utilization you'll want to open UDP 161 in the server --> client direction.

Any SSL or IPSec VPN will work for securely getting the information between the clients and your server. Do you know which type of VPN you will be using?

If security is a prime concern you may also want to use SNMPv3 to ensure that the data in each packet is encrypted even when it's not in the VPN tunnel.
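The directional rules described in this answer can be checked mechanically before a tunnel goes live. The sketch below is an added example, not part of the original post and not pfSense syntax: the `Rule` model, the zone names `client` and `server`, and both rule sets are constructed assumptions. It evaluates rules first-match with default deny and reports required SNMP flows that are blocked and unrelated flows that are allowed.

```python
from typing import NamedTuple

class Rule(NamedTuple):          # hypothetical rule model, not pfSense syntax
    action: str                  # "pass" or "block"
    proto: str                   # "udp", "tcp" or "any"
    src: str                     # "client", "server" or "any"
    dst: str
    port: object                 # destination port number, or "any"

# The only flows that should be initiated across the tunnel, per the answer.
# Replies are assumed to be handled by the firewall's state tracking.
REQUIRED = {
    ("udp", "server", "client", 161): "SNMP polling (server --> client)",
    ("udp", "client", "server", 162): "SNMP traps (client --> server)",
}
# Probes that must be dropped: wrong direction, wrong protocol, other services.
PROBES = [
    ("udp", "client", "server", 161), ("udp", "server", "client", 162),
    ("tcp", "server", "client", 161), ("tcp", "client", "server", 162),
    ("tcp", "server", "client", 22), ("tcp", "client", "server", 443),
    ("udp", "client", "server", 53),
]

def decide(rules, proto, src, dst, port):
    """First matching rule wins; no match means default deny."""
    for r in rules:
        if (r.proto in ("any", proto) and r.src in ("any", src)
                and r.dst in ("any", dst) and r.port in ("any", port)):
            return r.action
    return "block"

def audit(rules):
    """Return findings; an empty list means the rule set matches the policy."""
    findings = []
    for flow, label in REQUIRED.items():
        if decide(rules, *flow) != "pass":
            findings.append(f"MISSING: {label} is blocked")
    for flow in PROBES:
        if decide(rules, *flow) == "pass":
            findings.append("TOO OPEN: %s %s->%s port %d is allowed" % flow)
    return findings

# Constructed rule sets. ONLY_161 is one reading of "block everything except 161".
ONLY_161 = [Rule("pass", "any", "any", "any", 161)]
DIRECTIONAL = [
    Rule("pass", "udp", "server", "client", 161),
    Rule("pass", "udp", "client", "server", 162),
]

if __name__ == "__main__":
    for name, rules in (("only-161", ONLY_161), ("directional", DIRECTIONAL)):
        print(name, audit(rules) or "OK")
```

The port-161-only rule set fails on three counts: traps on UDP 162 never arrive, clients can poll the monitoring server, and TCP 161 is open for no reason.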

3 Replies

Hi, thanks for your reply. I will be using pfSense as the firewall, which will have a site-to-site VPN using IPSec over VPN. The VPN link will have all ports blocked except for SNMP. Does this sound like a logical setup? I want to be secure and take no chances.

My side of the network will have pfSense, and most of the clients have DrayTek firewalls at the moment; however, these will probably get replaced over time with ASA 5506 firewalls.

Yes, that sounds logical.