D-Link DFL-260-IPS-12 Product Manual - Page 68
SNMP Advanced Settings, SNMP Before RulesLimit
View all D-Link DFL-260-IPS-12 manuals
Add to My Manuals
Save this manual to your list of manuals |
Page 68 highlights
2.5.1. SNMP Advanced Settings Chapter 2. Management and Maintenance SNMP access. Port 161 is usually used for SNMP and NetDefendOS always expects SNMP traffic on that port. Remote Access Encryption It should be noted that SNMP Version 1 or 2c access means that the community string will be sent as plain text over a network. This is clearly insecure if a remote client is communicating over the public Internet. It is therefore advisable to have remote access take place over an encrypted VPN tunnel or similarly secure means of communication. Preventing SNMP Overload The advanced setting SNMP Request Limit restricts the number of SNMP requests allowed per second. This can help prevent attacks through SNMP overload. Example 2.14. Enabling SNMP Monitoring This example enables SNMP access through the internal lan interface from the network mgmt-net using the community string Mg1RQqR. (Since the management client is on the internal network it is not required to implement a VPN tunnel for it.) Command-Line Interface gw-world:/> add RemoteManagement RemoteMgmtSNMP my_snmp Interface=lan Network=mgmt-net SNMPGetCommunity=Mg1RQqR Should it be necessary to enable SNMPBeforeRules (which is enabled by default) then the command is: gw-world:/> set Settings RemoteMgmtSettings SNMPBeforeRules=Yes Web Interface 1. Goto System > Remote Management > Add > SNMP management 2. For Remote access type enter: • Name: a suitable name • Community: Mg1RQqR 3. For Access Filter enter: • Interface: lan • Network: mgmt-net 4. Click OK Should it be necessary to enable SNMPBeforeRules (which is enabled by default) then the setting can be found in System > Remote Management > Advanced Settings. 2.5.1. SNMP Advanced Settings The following SNMP advanced settings can be found under the Remote Management section in the WebUI. SNMP Before RulesLimit Enable SNMP traffic to the firewall regardless of configured IP Rules. 68