The Simple Network Management Protocol (SNMP) was designed to help centrally manage devices using network management stations (NMSs). These stations can poll information, accept events from devices known as traps, and even configure the devices remotely. Devices such as hubs, routers, printers, firewalls, and even Microsoft computers can allow an NMS to collect information about them.
SNMP on the PIX
The three main versions of SNMP are 1, 2, and 3. The PIX firewall supports only versions 1 and 2. The PIX also supports only the reading of information, meaning you cannot remotely configure the PIX firewall using NMS as you can with other devices.
By default, SNMP is enabled on the PIX with a community name of public. Any NMS can read information about the PIX. Therefore, to provide some basic security, you should change the default community name to something other than public.
Listing 7.4 is an example of configuring SNMP on the PIX firewall. The community setting should be the same as on the NMS, so that information can be polled from the PIX firewall. The location and contact settings provide basic information about where the device is and whom to contact about it. The enable traps setting allows messages to be sent from the PIX to the NMS. Finally, the host setting defines where to send the SNMP traps (which is the IP address of the NMS server).
Listing 7.4 Configuring SNMP
pixfirewall(config)# snmp-server community myarea
pixfirewall(config)# snmp-server location oregon
pixfirewall(config)# snmp-server contact Mr. Newman
pixfirewall(config)# snmp-server enable traps
pixfirewall(config)# snmp-server host inside 192.168.1.11
pixfirewall(config)# show snmp
snmp-server host inside 192.168.1.11
snmp-server location oregon
snmp-server contact Mr. Newman
snmp-server community myarea
snmp-server enable traps
pixfirewall(config)#
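The following Python example is added here and is not part of the original listing or of any Cisco tool. It parses snmp-server lines such as the show snmp output in Listing 7.4 and reports a community still set to the default public, traps enabled with no host to receive them, and malformed NMS addresses. The function names, the wording of the findings, and the treatment of a missing community line as the default are assumptions made for this example.

```python
import ipaddress

# Default community named in the text; add site-specific banned names here.
DEFAULT_COMMUNITIES = {"public"}

# Constructed sample: the "show snmp" output from Listing 7.4.
LISTING_7_4 = """\
snmp-server host inside 192.168.1.11
snmp-server location oregon
snmp-server contact Mr. Newman
snmp-server community myarea
snmp-server enable traps
"""

def parse_snmp(config_text):
    """Collect snmp-server settings from PIX config or 'show snmp' output."""
    cfg = {"community": None, "location": None, "contact": None,
           "traps": False, "hosts": []}
    for raw in config_text.splitlines():
        words = raw.split()
        if words and words[0].endswith("#"):  # drop a CLI prompt if present
            words = words[1:]
        if len(words) < 3 or words[0] != "snmp-server":
            continue
        key, args = words[1], words[2:]
        if key in ("community", "location", "contact"):
            cfg[key] = " ".join(args)
        elif key == "enable" and args[0] == "traps":
            cfg["traps"] = True
        elif key == "host" and len(args) >= 2:
            cfg["hosts"].append((args[0], args[1]))  # (interface, NMS address)
    return cfg

def audit_snmp(config_text):
    """Return a list of findings; an empty list means nothing was flagged."""
    cfg = parse_snmp(config_text)
    findings = []
    if cfg["community"] is None:
        # Assumption: with no community line, the default applies.
        findings.append("no community set: default 'public' is in effect")
    elif cfg["community"].lower() in DEFAULT_COMMUNITIES:
        findings.append("community is the default 'public'")
    if cfg["traps"] and not cfg["hosts"]:
        findings.append("traps enabled but no snmp-server host to receive them")
    for ifname, addr in cfg["hosts"]:
        try:
            ipaddress.ip_address(addr)
        except ValueError:
            findings.append(f"host on {ifname} has invalid address {addr!r}")
    return findings
```

Calling audit_snmp(LISTING_7_4) returns an empty list, while a configuration that still uses public returns a finding for it.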