Support Support Downloads Knowledge Base Juniper Support Portal Community

Knowledge Base

Search our Knowledge Base sites to find answers to your questions.

Ask All Knowledge Base Sites All Knowledge Base Sites JunosE Defect (KA)Knowledge BaseSecurity AdvisoriesTechnical BulletinsTechnotes Sign in to display secure content and recently viewed articles

What are the steps required to allow SNMP management of a Juniper firewall device?

0

0

Article ID: KB5467 KB Last Updated: 29 Sep 2020Version: 7.0
Summary:

This article explains how to manage device using SNMP.

Solution:

There are three basic steps required to manage a Juniper firewall device using SNMP.

  1. Configure the community name and assign privileges.  For example:

    set snmp community admin read-only version any
    -or-
    set snmp community admin read-write version any
  2. Configure a SNMP host that will be allowed to access the Juniper firewall device using the community name configured in the first step.  For example:

    set snmp host admin 192.168.1.100 255.255.255.255 trap v2
  3. Enable SNMP management on the interface:

    set interface eth0/0 manage snmp

You can then configure the SNMP client with the community name specified in step one.

Configure the SNMP client to query the Juniper firewall IP address (assigned to the interface in which SNMP was enabled, i.e. step 3).

Key Points:

  • When you create an SNMP community, you can specify whether the community supports SNMPv1, SNMPv2c, or both SNMP versions, as required by the SNMP management stations. If no version is configured, then version v1 is chosen by default. (For backward compatibility with earlier ScreenOS releases that only support SNMPv1, security devices support SNMPv1 by default.) If an SNMP community supports both SNMP versions, you must specify a trap version for each community member.
  • If no trap version is specified, the default of version v1 is chosen. You can also specify the source interface from which SNMP messages will originate.
  • When managing devices in an NSRP cluster, configure a separate manage-ip for the primary and the backup. The SNMP trap agent will send data to the SNMP manager with the source of the manage-ip address.
Comment on this article > Affected Products Browse the Knowledge Base for more articles related to these product categories. Select a category to begin.

Getting Up and Running with Junos

Getting Up and Running with Junos Security Alerts and Vulnerabilities Product Alerts and Software Release Notices Problem Report (PR) Search Tool EOL Notices and Bulletins JTAC User Guide Customer Care User Guide Pathfinder SRX High Availability Configurator SRX VPN Configurator Training Courses and Videos End User Licence Agreement Global Search