Knowledge Search


×
 

What are the steps required to allow SNMP management of a Juniper firewall device?

  [KB5467] Show Article Properties


Summary:

Symptoms:
Symptoms:
  • Manage device using SNMP
  • What are the steps required to allow SNMP management of a Juniper firewall device?
Solution:

There are three basic steps required to manage a Juniper firewall device using SNMP.

Step 1.  Configure the community name and assign privileges.  For example:
set snmp community admin read-only version any
-or-
set snmp community admin read-write version any

Step 2.  Configure a SNMP host that will be allowed to access the Juniper firewall device using the community name configured in the first step.  For example:
set snmp host admin 192.168.1.100 255.255.255.255 trap v2

Step 3.  Enable SNMP management on the interface:
set interface eth0/0 manage snmp

You can then configure the SNMP client with the community name specified in step one.
Configure the SNMP client to query the Juniper firewall IP address (assigned to the interface in which SNMP was enabled, i.e. step 3).

Key Points:
  • When you create an SNMP community, you can specify whether the community supports SNMPv1, SNMPv2c, or both SNMP versions, as required by the SNMP management stations. If no version is configured, then version v1 is chosen by default. (For backward compatibility with earlier ScreenOS releases that only support SNMPv1, security devices support SNMPv1 by default.) If an SNMP community supports both SNMP versions, you must specify a trap version for each community member.
  • If no trap version is specified, the default of version v1 is chosen. You can also specify the source interface from which SNMP messages will originate.
  • When managing devices in an NSRP cluster, configure a separate manage-ip for the master and the slave. The SNMP trap agent will send data to the SNMP manager with the source of the manage-ip address.
Related Links: