Sidewinder G2 6.1.2 Administration Guide - Glossary of Technical ...
Chapter 15: Configuring the SNMP Agent

SNMP and Sidewinder G2

This section introduces SNMP concepts and explains how to configure the Sidewinder G2 SNMP agent. It also explains what needs to be done to allow Sidewinder G2 to send or route messages to remote systems in an external network.

Sidewinder G2 supports SNMPv1 and SNMPv2c. SNMP is the industry standard for network management. You can set up SNMP agent software that allows the Sidewinder G2 to be monitored by SNMP compliant network management stations located on an internal or external network. You can also configure the Sidewinder G2 to route SNMP messages between a management station inside the Sidewinder G2 and an SNMP agent on a system in an external network.

Note: The SNMP agent cannot run in the Firewall burb. Although only one SNMP agent is allowed to operate on the Sidewinder G2, access through other burbs is supported using the UDP proxy. In addition, SNMP will only accept requests addressed to the first interface in a burb.

SNMP basics

A network that is managed using SNMP involves two primary components: a manager (management station) and a number of managed nodes. The management station is typically a PC or UNIX workstation running network management software such as Hewlett-Packard’s OpenView® Windows or Novell ManageWise. Managed nodes are networking devices such as routers or Sidewinder G2s that contain an SNMP agent. Figure 194 shows a management station communicating with SNMP nodes to obtain network configuration information.

Figure 194: Managing distributed systems using SNMP (an SNMP management station with three managed nodes: a Sidewinder G2, a router, and a server)

The management station displays a graphical representation of a network’s topology through a Windows-based environment. In general, network managers can monitor each SNMP node (including the Sidewinder G2) by clicking an icon representing each node in the network’s topology.

A management station in the internal or external network can request information from a managed node’s SNMP agent. The SNMP management station sends a managed node Get and GetNext SNMP messages to retrieve node-specific parameters and variables, called objects. The message response from the managed system provides the SNMP administrator with information on a node’s device names, status, network connections, etc.

Important: SNMPv1 agents typically allow Get, GetNext, and Set requests from the management station. However, the Sidewinder G2 SNMPv1 agent does not support Set requests. This prevents a management system from sending commands to change variables or parameters in the Sidewinder G2.

Each managed node can send an unsolicited event notification message, called a trap, to a management station when it detects certain system events. For example, you can configure the SNMP agent in the Sidewinder G2 to issue a trap whenever an unauthorized user tries to read, write, or execute a protected file on the Sidewinder G2. (Refer to “Sidewinder G2 SNMP traps” on page 579 for a list of all traps supported by Sidewinder G2.)

When setting up SNMP management, a network administrator assigns the management station and the nodes it will manage a community name. As shown in Figure 195, the community name is in the authentication header in each SNMP message exchanged between a management station and a managed node.

Figure 195: Community name within an SNMP message (fields: VERSION | COMMUNITY NAME | SNMP COMMAND: GET, GETNEXTREQUEST, ETC.)

The SNMP agent treats the community name like a password to validate the identity of a management station. For example, suppose a management station sends a get request to retrieve information from a managed node’s SNMP agent. If the community name within the get request is not also used by the SNMP agent, the agent will not return information to the management station.

Caution: To increase security on your network, do not use common default names such as “public” or “private,” which can be easily guessed.

Both the management station and the managed node also contain Management Information Bases (MIBs) that store information about the managed objects. Currently, the SNMP agent on Sidewinder G2 supports
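
The community-name check described above, as an added example (not taken from the Sidewinder G2 guide or product code): it decodes the version, community name and command fields of Figure 195 from a raw SNMPv1/v2c message, flags the easily guessed names from the Caution, and models the agent's comparison. The function names, the `agent_community` parameter and the constructed sysDescr.0 request are assumptions made for the example.

```python
import hmac

WEAK_COMMUNITIES = {"public", "private"}      # defaults named in the Caution
PDU_NAMES = {0xA0: "Get", 0xA1: "GetNext", 0xA2: "Response", 0xA3: "Set"}
VERSIONS = {0: "SNMPv1", 1: "SNMPv2c"}

def read_tlv(buf, pos):
    """Return (tag, value, next_pos) for the BER element starting at pos."""
    if pos + 2 > len(buf):
        raise ValueError("truncated BER header")
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:                         # long form: low bits count the length octets
        n = length & 0x7F
        if n == 0 or pos + n > len(buf):
            raise ValueError("unsupported or truncated BER length")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("BER value runs past end of message")
    return tag, buf[pos:pos + length], pos + length

def inspect_snmp(packet, agent_community):
    """Decode the Figure 195 fields and model the agent's community check."""
    tag, body, _ = read_tlv(packet, 0)
    if tag != 0x30:
        raise ValueError("outer SEQUENCE missing")
    vtag, ver, pos = read_tlv(body, 0)
    ctag, community, pos = read_tlv(body, pos)
    pdu_tag, _, _ = read_tlv(body, pos)
    if vtag != 0x02 or ctag != 0x04:
        raise ValueError("version INTEGER or community OCTET STRING missing")
    name = community.decode("latin-1")
    return {
        "version": VERSIONS.get(int.from_bytes(ver, "big"), "unknown"),
        "community": name,
        "pdu": PDU_NAMES.get(pdu_tag, hex(pdu_tag)),
        "accepted": hmac.compare_digest(community, agent_community.encode("latin-1")),
        "weak_community": name.lower() in WEAK_COMMUNITIES,
    }

def tlv(tag, value):                          # short-form BER encoder for the samples
    return bytes([tag, len(value)]) + value

def sample_message(community, pdu_tag, version=0):
    """Constructed request for sysDescr.0 (1.3.6.1.2.1.1.1.0), not captured traffic."""
    varbind = tlv(0x30, tlv(0x06, bytes.fromhex("2b06010201010100")) + tlv(0x05, b""))
    pdu = tlv(0x02, b"\x00\x00\x00\x01") + tlv(0x02, b"\x00") * 2 + tlv(0x30, varbind)
    header = tlv(0x02, bytes([version])) + tlv(0x04, community.encode("latin-1"))
    return tlv(0x30, header + tlv(pdu_tag, pdu))
```

The parser needs no key to read the community name: in SNMPv1 and SNMPv2c it is carried as a plain OCTET STRING, which is why a guessable value offers so little protection.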