Nexapp - SNMP Server

SNMP Server

Simple Network Management Protocol (SNMP) provides a standardized way to monitor and manage network devices like your firewall remotely. It allows authorized users to retrieve essential information such as device status, performance metrics, and configuration settings.

The SNMP server is disabled by default on your firewall. When enabled, it allows access from within your local area network (LAN) on all IPv4 and IPv6 addresses.

Note: If the system has been updated from v1.4.1 or earlier, the SNMP server will be enabled by default. To disable it, follow the steps in the Disabling the SNMP Server section.


Configuring the SNMP Server

It’s crucial to configure the basic system identity fields so monitoring tools can correctly recognize your firewall.

  1. Open a terminal window on your firewall.

  2. Set the desired values for sysLocation, sysContact, and sysName:

uci set snmpd.general.enabled=1
uci set snmpd.@system[0].sysLocation='<string>'
uci set snmpd.@system[0].sysContact='<string>'
uci set snmpd.@system[0].sysName='<string>'

Replace <string> with your environment details. Example:

uci set snmpd.general.enabled=1
uci set snmpd.@system[0].sysLocation='MyOffice'
uci set snmpd.@system[0].sysContact='admin@nethsecurity.org'
uci set snmpd.@system[0].sysName='firewall.nethsecurity.org'

  3. Apply the configuration:

uci commit snmpd
reload_config

The SNMP configuration is stored in:

/etc/config/snmpd

Testing SNMP

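From a remote machine with SNMP tools installed, test using the command below, replacing 127.0.0.1 with the firewall's LAN IP address (127.0.0.1 reaches the SNMP server only when the command is run on the firewall itself):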

snmpwalk -v 2c -c public 127.0.0.1

Disabling the SNMP Server

If you don’t need SNMP, disable it to reduce attack surface.

  1. Open a terminal on the firewall.

  2. Disable SNMP:

uci set snmpd.general.enabled=0
uci commit snmpd
reload_config

Reminder: Disabling SNMP may impact monitoring systems that rely on it.


Enabling Remote Access

To use SNMP outside the LAN, you must allow inbound UDP/161 to the firewall.

Create a firewall input rule that:

  • permits UDP
  • destination port 161
  • destination firewall itself
  • source restricted to trusted IPs only

Opening SNMP publicly increases risk, so keep access tightly limited.
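
The input rule described above, as an added example that is not part of the original page: a shell function that prints the uci commands for review instead of running them, and refuses any source that would open UDP/161 to everyone. It assumes the standard OpenWrt firewall UCI rule options, a WAN zone named wan, and a hypothetical rule name; the addresses are constructed documentation values.

```shell
#!/bin/sh
# Added example (not from the original page): print, without executing, the uci
# commands for an SNMP input rule limited to trusted sources.
# Assumptions: OpenWrt-style firewall UCI rule options; the rule name
# "Allow-SNMP-Monitoring" is hypothetical.

snmp_rule_cmds() {
    if [ "$#" -lt 2 ]; then
        echo "usage: snmp_rule_cmds <source-zone> <trusted-ip-or-cidr>..." >&2
        return 2
    fi
    zone="$1"; shift
    case "$zone" in
        *[!A-Za-z0-9_]*) echo "invalid zone name: '$zone'" >&2; return 1 ;;
    esac
    for src in "$@"; do
        # Refuse sources that would open UDP/161 to everyone.
        case "$src" in
            ''|any|0.0.0.0|0.0.0.0/*|::|*/0)
                echo "refusing unrestricted source: '$src'" >&2; return 1 ;;
        esac
        # Allow only characters that occur in IPv4/IPv6 addresses and CIDRs.
        case "$src" in
            *[!0-9A-Fa-f.:/]*)
                echo "not an IP address or CIDR: '$src'" >&2; return 1 ;;
        esac
    done
    echo "uci add firewall rule"
    echo "uci set firewall.@rule[-1].name='Allow-SNMP-Monitoring'"
    # No 'dest' option is set: the rule matches traffic to the firewall itself.
    echo "uci set firewall.@rule[-1].src='$zone'"
    for src in "$@"; do
        echo "uci add_list firewall.@rule[-1].src_ip='$src'"
    done
    echo "uci set firewall.@rule[-1].proto='udp'"
    echo "uci set firewall.@rule[-1].dest_port='161'"
    echo "uci set firewall.@rule[-1].target='ACCEPT'"
    echo "uci commit firewall"
    echo "reload_config"
}

# Constructed sample: two monitoring servers (documentation address ranges).
snmp_rule_cmds wan 192.0.2.10 2001:db8::10
```

Review the printed commands, then run them in a terminal on the firewall.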


Security Considerations

Before enabling or exposing SNMP:

  • Use a strong community string: replace the default "public" with a unique, complex value.

  • Restrict access: allow SNMP only from specific monitoring servers or admin IP ranges using ACLs/firewall rules.
