Setting Up SNMP Access

SNMP configuration consists of:
Enabling and Configuring SNMP Access
Setting up SNMPv3 Groups and Access

Enabling and Configuring SNMP Access

You can use either SNMPv1/v2 for basic functionality, or configure the appliance to use the more extensive SNMPv3 options.

Topics:
Configuring Basic Functionality
Configuring SNMPv3 Engine IDs
Configuring Object IDs for SNMPv3 Views.
Creating Groups and Adding Users
Adding Access
Configuring Basic Functionality
1
To enable SNMP on the Dell SonicWALL security appliance, navigate to the System > SNMP page.

2
Select the Enable SNMP checkbox. By default, SNMP is disabled.
3
Click Accept. The SNMP information is populated on the SNMP page.

4
To configure the SNMP interface, click on the Configure button. The Configure SNMP dialog is displayed.

5
In the General tab, enter the host name of the Dell SonicWALL security appliance in the System Name field.
6
Enter the network administrator’s name in the System Contact field.
7
Enter an email address, telephone number, or pager number in the System Location field.
8
If the SNMPv3 configuration option is used, enter an asset number in the Asset Number field.
9
Enter a name for a group or community of administrators who can view SNMP data in the Get Community Name field.
10
Enter a name for a group or community of administrators who can view SNMP traps in the Trap Community Name field.
11
Enter the IP address or host name of the SNMP management system receiving SNMP traps in the Host 1 through Host 4 fields. You must configure at least one IP address or host name, but up to four addresses or host names can be used.
12
Click OK.
Configuring SNMPv3 Engine IDs

If SNMPv3 is used, you can configure the SNMPv3 Engine ID and SNMP priority. Configuring the SNMPv3 Engine ID provides maximum security for SNMP management.

To configure SNMPv3 engine IDs:
1
If you have not configured SNMP for your system, follow Step 1 through Step 11 in Configuring Basic Functionality .
2
Click the Advanced tab.

3
Select the Mandatory Require SNMPv3 checkbox. This disables SNMPv1/v2 and allows only SNMPv3 access, which provides maximum security for SNMP management.
4
Enter the hexadecimal Engine ID number in the Engine ID field. This number will be matched against received SNMP packets to authorize their processing; only packets whose Engine ID matches this number will be processed.
5
Optionally, select the Increase SNMP subsystem priority checkbox.

For efficient system operation, certain operations may take priority over responses to SNMP queries. Enabling this option will cause the SNMP subsystem to always respond and operation at a higher system priority.

* 
NOTE: Enabling this option may affect the performance of the overall system.
6
Click OK. The SNMPv3 security options are now used in processing packets.

Setting up SNMPv3 Groups and Access

SNMPv3 allows you to set up and assign groups and access with differing levels of security. Object IDs are associated with various levels of permissions, and a single view can be assigned to multiple objects. Figure 3 shows how access for groups and users are associated with these different permission levels.

Figure 3. SNMPv3 group and user access

Configuring Object IDs for SNMPv3 Views.

The SNMPv3 Views show access settings for Users or Groups. You create settings for users and groups and these security settings are not User-modifiable. The SNMPv3 View defines the Object IDs (OID) and Object ID Groups, and is sometimes known as the SNMPv3 Access Object.

The SNMP View defines a collection of OIDs and OID groups. The initial set of default views cannot be changed or deleted. The default views reflect the most often used views, such as the root view, system view, IP, interfaces. The OIDs for these views are pre-assigned.

Additionally, you can create a custom view for specific users and groups.

You can modify views you create. You cannot modify the ones the system creates.

To configure OIDs for SNMPv3 views:
1
Navigate to System > SNMP.
2
To add a view, in the View section, click the Add button. The Add SNMP View window displays.

3
Enter a meaningful name in the View Name field. The default name is New SNMP View.
* 
NOTE: If editing an existing view, the name is not editable.
4
Enter an unassigned OID in the OID Associated with the View field.
5
Click Add OID.

The new view appears in the OID List. To delete an OID from the OID List, select the OID and click the Delete button.

6
Add any more new views with associated OIDs.
7
Click OK. The new views are added to the list on the SNMP page.

Creating Groups and Adding Users
Topics:
Creating a Group
Adding Users
Creating a Group
1
Navigate to System > SNMP.
2
To create a Group, click the Add Group button under the User/Group table. The Add SNMP Group window displays.

3
Enter a friendly name in the Group Name field. The group name can contain up to 32 alphanumeric characters.
4
Click OK.
Adding Users
1
Navigate to System > SNMP.
2
To add a user, click the Add User button under the User/Group table. The Add SNMP User dialog displays.

3
Enter the user name in the User Name field.
4
Select a security level from the Security Level drop-down menu:
None (default)
Authentication – Two new options appear:

Authentication Method – Select one of these authentication methods: MD5 or SHA1.
Authentication Key – Enter an authentication key in the field. The key can be any string of 8 to 32 printable characters.
Authentication and Privacy – More options appear:

Authentication Method – See above.
Authentication Key – See above.
Select an encryption method from the Encryption Method drop-down menu: AES or DES.
Enter the encryption key in the Privacy Key field. The key can be any string of 8 to 32 printable characters.
5
Select a group from the Group drop-down menu. The default is *No Group*.
6
Click OK when finished. The user is added to the list and added to the appropriate group (including *No Group*).

Adding Access

SNMPv3 Access is an object that:
Defines the read/write access rights of an SNMPv3 View.
Can be assigned to an SNMPv3 Group.

Multiple groups can be assigned to the same Access object. An Access object can also have multiple views assigned to it.

To create an access object:
1
Navigate to System > SNMP.
2
Under the Access table, click the Add button. The Add SNMP Access dialog displays.

3
Enter a friendly name in the Access Name field.
* 
NOTE: Existing names are non-editable.
4
From the Read view drop-down menu, select a view from the list of available views.
5
From the Master SNMPv3 Group drop-down menu, select a group from the list of available groups. Access cannot be given to *No Group*.
* 
NOTE: Access can be assigned to only one SNMPv3 groups., but a group can be associated with multiple Access objects.
6
From the Access Security Level drop-down menu, select a security level:
None
Authentication Only
Authentication and Privacy
7
Click OK. The Access object is added to the Access table.