D-Link DFL-260 Product Manual - Page 67
SNMP Monitoring, Simple Network Management Protocol, GET REQUEST, GET NEXT REQUEST
UPC - 790069296802
View all D-Link DFL-260 manuals
Add to My Manuals
Save this manual to your list of manuals |
Page 67 highlights
2.5. SNMP Monitoring Chapter 2. Management and Maintenance 2.5. SNMP Monitoring Overview Simple Network Management Protocol (SNMP) is a standardized protocol for management of network devices. An SNMP compliant client can connect to a network device which supports the SNMP protocol to query and control it. NetDefendOS supports SNMP version 1 and version 2. Connection can be made by any SNMP compliant clients to devices running NetDefendOS. however only query operations are permitted for security reasons. Specifically, NetDefendOS supports the following SNMP request operations by a client: • The GET REQUEST operation • The GET NEXT REQUEST operation • The GET BULK REQUEST operation (SNMP Version 2c only) The NetDefendOS MIB The Management Information Base (MIB) is a database, usually in the form of a file, which defines the parameters on a network device that an SNMP client can query or change. The MIB file for a device running NetDefendOS is distributed with the standard NetDefendOS distribution pack as a file with the name DFLNNN-TRAP.MIB (where NNN indicates the model number of the firewall) and this should be transferred to the hard disk of the workstation that will run the SNMP client so it can be imported by the client software. When the client runs, the MIB file is accessed to inform the client of the values that can be queried on a NetDefendOS device. Defining SNMP Access SNMP access is defined through the definition of a NetDefendOS Remote object with a Mode value of SNMP. The Remote object requires the entry of: • Interface - The NetDefendOS interface on which SNMP requests will arrive. • Network - The IP address or network from which SNMP requests will come. • Community - The community string which provides password security for the accesses. The Community String Security for SNMP Versions 1 and 2c is handled by the Community String which is the same as a password for SNMP access. The Community String should be difficult to guess and therefore be constructed in the same way that any other password, using combinations of upper and lower case letters with digits. Enabling an IP Rule for SNMP The advanced setting SNMP Before Rules in the RemoteAdmin section controls if the IP rule set checks all accesses by SNMP clients. This is by default disabled and the recommendation is to always enable this setting. The effect of enabling this setting is to add an invisible Allow rule at the top of the IP rule set which automatically permits accesses on port 161 from the network and on the interface specified for 67