SNMP monitoring
Simple Network Management Protocol (SNMP) is a protocol for managing network devices. Administrators can use it to configure devices, get device status information, and receive event notifications.
SNMP can be used to monitor Kaspersky NGFW devices. One SNMP agent runs on each Kaspersky NGFW device. The SNMP agent gets monitoring data and sends this data for processing to the SNMP manager. Multiple SNMP managers can poll an SNMP agent.
An SNMP manager and an SNMP agent exchange requests and notifications. By default, the SNMP agent listens for SNMP manager requests on port 161. However, the SNMP manager can send requests through any available port. The response arrives at the same port from which the request was sent.
By default, the SNMP manager listens for SNMP agent notifications on port 161. However, SNMP agents can send notifications through any available port.
Kaspersky NGFW supports two SNMP modes:
- Traps are notifications about events that an SNMP agent sends without being polled by an SNMP manager. When the event specified by the administrator occurs, for example, the Kaspersky NGFW device or one of its network interfaces becomes disabled, the SNMP agent generates a trap and sends it to the SNMP trap server in the form of a UDP message. The list of events and the conditions in which they occur are configured on the device. Traps automatically inform the SNMP manager about events without waiting for a request.
- Polling involves sending messages to the device as requested by the SNMP manager. The device only returns a response for supported event types. The polling mode is not suitable for rapid response to events because information is requested only at certain points in time.
Modifying device settings (using the SET command) is not possible.
You can monitor such settings as general device information, hardware information, functional metrics, and information about network interfaces.
Kaspersky NGFW supports SNMPv2c and SNMPv3 encryption protocols:
- SNMPv2c:
  - Community string based authentication.
  - Integrity control of transmitted messages involves hashing the contents of the message using the SHA1 algorithm to protect it against spoofing.
  - SNMPv2c does not provide built-in traffic encryption. We recommend using this option only within isolated or secure networks.
- SNMPv3:
  - Authentication based on user accounts with the name, access level, and algorithm explicitly configured.
  - Supported authentication algorithms:
Set up the integration with the Zabbix monitoring system.
The distribution kit of Kaspersky NGFW includes a template for the Zabbix monitoring system, which collects key metrics of the device using the SNMP protocol:
- Collecting data on CPU and memory usage
- Network activity control by interface; inbound/outbound traffic
- Tracking the statuses of network interfaces
- Collecting uptime indicators
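The following added example (not part of the Kaspersky documentation or product code) relates to the SNMPv2c and SNMPv3 options listed above: it reads the outer BER header of an SNMP datagram and reports the protocol version, the community string that SNMPv2c carries unencrypted, and the SNMPv3 security level taken from the standard `msgFlags` field. The function names, the community string `example-ro`, and both sample datagrams are constructed for illustration.

```python
VERSIONS = {0: "SNMPv1", 1: "SNMPv2c", 3: "SNMPv3"}
LEVELS = {0: "noAuthNoPriv", 1: "authNoPriv", 3: "authPriv"}

def read_tlv(buf, pos):
    """Return (tag, value, next_pos) for the BER element starting at pos."""
    if pos + 2 > len(buf):
        raise ValueError("truncated element header")
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:  # long form: low 7 bits give the number of length octets
        n = length & 0x7F
        if n == 0 or pos + n > len(buf):
            raise ValueError("unsupported or truncated length")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("truncated element body")
    return tag, buf[pos:pos + length], pos + length

def inspect_snmp(datagram):
    """Classify one SNMP datagram by version and by what its header exposes."""
    tag, msg, _ = read_tlv(datagram, 0)
    vtag, ver, pos = read_tlv(msg, 0)
    if tag != 0x30 or vtag != 0x02:
        raise ValueError("not an SNMP message")
    num = int.from_bytes(ver, "big")
    info = {"version": VERSIONS.get(num, "unknown"), "community": None, "level": None}
    tag, field, _ = read_tlv(msg, pos)
    if num in (0, 1) and tag == 0x04:   # community string, readable on the wire
        info["community"] = field.decode("ascii", "replace")
    elif num == 3 and tag == 0x30:      # msgGlobalData: msgID, msgMaxSize, msgFlags
        _, _, p = read_tlv(field, 0)
        _, _, p = read_tlv(field, p)
        _, flags, _ = read_tlv(field, p)
        info["level"] = LEVELS.get(int.from_bytes(flags, "big") & 0x03, "invalid")
    return info

def tlv(tag, body):  # short-form encoder, used only to build the samples below
    return bytes([tag, len(body)]) + body

# Constructed samples, not captured traffic: a v2c GetRequest for sysUpTime.0
# and a v3 message header with msgFlags = auth + priv + reportable (0x07).
_vb = tlv(0x30, tlv(0x30, tlv(0x06, bytes.fromhex("2b06010201010300")) + tlv(0x05, b"")))
_pdu = tlv(0xA0, tlv(0x02, b"\x01") + tlv(0x02, b"\x00") + tlv(0x02, b"\x00") + _vb)
SAMPLE_V2C = tlv(0x30, tlv(0x02, b"\x01") + tlv(0x04, b"example-ro") + _pdu)
_glob = tlv(0x30, tlv(0x02, b"\x01") + tlv(0x02, b"\x05\xdc") + tlv(0x04, b"\x07") + tlv(0x02, b"\x03"))
SAMPLE_V3 = tlv(0x30, tlv(0x02, b"\x03") + _glob + tlv(0x04, b"") + tlv(0x04, b"\x00" * 8))

if __name__ == "__main__":
    print(inspect_snmp(SAMPLE_V2C), inspect_snmp(SAMPLE_V3))
```

Run against datagrams received by a monitoring host, a check like this shows which devices still send SNMPv2c and therefore belong only on the isolated or secure networks recommended above.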