Activate the SNMP agent on NGFW Engines
The SNMP Agent is responsible for SNMP-related tasks on the NGFW Engines.
Before you begin
When you use SNMPv3, you can specify the SNMP engine ID for each single NGFW Engine and each node of NGFW Engine clusters. The SNMP engine ID is a unique identifier for the NGFW Engine that is used by the SNMP agent. The engine ID is used with a hash function to generate keys for authentication and encryption of SNMPv3 messages. If you do not specify the SNMP engine ID, an SNMP engine ID is automatically generated.
For more details about the product and how to configure features, click Help or press F1.
Steps
- Right-click an engine element, then select Edit <element type>.
- In the navigation pane on the left, browse to .
- From the SNMP Agent drop-down list, select the SNMP Agent that you want to activate.
- In the SNMP Location field, enter the string that is returned on queries to the SNMPv2-MIB or SNMPv2-MIB-sysLocation object.
- In the Listening IP Addresses field, add one or more IPv4 or IPv6 addresses.
-
(Optional, SNMPv3 only) Specify the value of the SNMP Engine ID option.
- Single NGFW Engines — In the SNMP Engine ID field, enter a unique identifier for the NGFW Engine.
- NGFW Engine clusters — Browse to , then enter a unique identifier for each node in the SNMP Engine ID cell.
- Click Save and Refresh to transfer the changes.
Engine Editor > General > SNMP and LLDP
Use this branch to enable the NGFW Engine to send SNMP traps and to select the LLDP Profile for the NGFW Engine.
Option | Definition |
---|---|
SNMP section | |
SNMP Agent | Enables the NGFW Engine to send SNMP traps.
|
SNMP Location | Specifies the SNMP location string that is returned on queries to the SNMPv2-MIB or SNMPv2-MIB-sysLocation object. |
SNMP Engine ID (Single NGFW Engines and SNMPv3 only) |
A unique identifier for the NGFW Engine that is used by the SNMP agent. The engine ID is used with a hash function to generate keys for authentication and encryption of SNMPv3 messages. If you do not specify the SNMP engine ID, an SNMP engine ID is automatically generated. |
Listening IP Addresses | The IPv4 or IPv6 addresses from which SNMP traps are sent. Click Add to add an element to the list, or Remove to remove the selected element. |
LLDP section | |
LLDP Profile (NGFW Engines and Master NGFW Engines in the Firewall/VPN role only) |
The LLDP Profile element that specifies settings for LLDP announcements that the NGFW Engine announces. Click Select to select an element. |
Engine Editor > General > Clustering
Use this branch to view nodes and add new nodes to the NGFW Engine cluster.
Option | Definition |
---|---|
Node ID (Not editable) |
Shows the ID number of the node. |
Name | Specifies the name of the node. Double-click the cell to edit the name. |
Configuration Status (Not editable) |
Shows the configuration status of the node. |
Certificate (Optional) |
Shows information about the node's certificate for external
certificate management. Right-click the cell, then select Edit Certificate to create a certificate request for the NGFW Engine node. You must create a separate certificate request for each NGFW Engine node. |
Version (Not editable) |
Shows the version of the NGFW Engine software that is installed on the engine. |
Comment (Optional) |
A comment for your own reference. |
SNMP Location | Specifies the SNMP location string that is returned on queries to the SNMPv2-MIB or SNMPv2-MIB-sysLocation object. |
SNMP Engine ID (SNMPv3 only) |
A unique identifier for each NGFW Engine node that is used by the SNMP agent. The engine ID is used with a hash function to generate keys for authentication and encryption of SNMPv3 messages. If you do not specify the SNMP engine ID, an SNMP engine ID is automatically generated. |
Disabled | Disables the node. You can enable the node later. |
Add Node | Adds a node to the cluster. Opens the Engine Node Properties dialog box. |
Edit Node | Allows you to change the properties of the selected node. Opens the Engine Node Properties dialog box. |
Remove Node | Deletes the selected node. The deleted node cannot be restored. |
Clustering Mode
(Not Layer 2 Firewalls) |
Note: Only standby clustering mode is supported for Layer 2 Firewall Clusters.
|
Clustering | Allows you to change advanced settings for the cluster. Opens the Advanced Cluster Settings dialog box. |
Select dialog box (for SNMP listening IP addresses)
Use this branch to select the IP addresses from which SNMP traps are sent.
Option | Definition |
---|---|
Select Interface | Lists the available interfaces and their IP addresses. You can select one or more interfaces. |
Select | Adds the selected IP addresses to the configuration and closes the window. |