
[SRX] Example - Generate SNMP trap when IDP attack is triggered

  [KB34310]


Summary:

This how-to article provides configuration guidance for generating SNMP traps from the SRX firewall for each IDP attack detection event.

Solution:

By default, IDP attack detections do not raise an SNMP trap.

In certain environments, it may be required to generate an SNMP trap when an IDP attack event is detected on the SRX firewall. The following configuration will help achieve this.

  1. Set the SNMP location and community:

    set snmp location Lab
    set snmp community public authorization read-write

  2. Enable SNMP traps by configuring the source address and the SNMP collector / target address:

    set snmp trap-options source-address 192.168.1.2
    set snmp trap-group Global version all
    set snmp trap-group Global targets 192.168.1.1

  3. Configure event-options to raise a trap whenever an IDP attack event is encountered:

    set event-options policy TEST-IDP events idp_attack_log_event
    set event-options policy TEST-IDP then raise-trap


A screenshot of the trap captured from Wireshark is below:

 

Caution: Raising an SNMP trap can turn out to be resource intensive, depending on the rate at which attacks are triggered in your network. Please use this configuration option with caution.
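
A hardened variant of steps 1 to 3, as an added example that is not part of the original article. The community name MONITORING-RO-PLACEHOLDER is a placeholder, and it is assumed that the collector at 192.168.1.1 is also the only host that polls the device and that it accepts SNMPv2 traps.

```junos
# Added example: hardened variant of steps 1-3. Not from the original article.
# MONITORING-RO-PLACEHOLDER is a placeholder community name; choose your own.

# Step 1: the community statement governs SNMP polling, not trap delivery.
# Use read-only and accept queries only from the collector (assumed to be
# the same host as the trap target, 192.168.1.1).
set snmp location Lab
set snmp community MONITORING-RO-PLACEHOLDER authorization read-only
set snmp community MONITORING-RO-PLACEHOLDER clients 192.168.1.1/32

# Step 2: "version all" emits every trap twice (SNMPv1 and SNMPv2).
# Sending only v2 halves the trap volume per IDP event (assumes the
# collector accepts SNMPv2 traps).
set snmp trap-options source-address 192.168.1.2
set snmp trap-group Global version v2
set snmp trap-group Global targets 192.168.1.1

# Step 3: unchanged from the article.
set event-options policy TEST-IDP events idp_attack_log_event
set event-options policy TEST-IDP then raise-trap
```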

 

Modification History:
2019-09-07: Minor, non-technical edits.