Troubleshooting guide
Chapter 10 Troubleshooting SNMP Introduction
Advanced Technical Reference Guide 4.1 • June 2000 115
Troubleshooting SNMP
Introduction
As an organization's computer network grows, it becomes increasingly important to
manage the variety of network devices centrally. The Simple Network Management Protocol (SNMP) provides a
standard way of managing TCP/IP networks. SNMP uses a “Management Information Base” (MIB), which is a
tree structure of variables. Every vendor can add appropriate variables to the existing standard ones.
Agents (daemons) are installed on every network device that uses SNMP. Agents are responsible for
communication with the management station(s). Thus, a management station has to be defined, so that the agent
will know where to send SNMP traps and answers. There are three types of SNMP connections:
• GET – A command used by the management station to query the network element (get MIB variable
values).
• SET – A command to set a MIB variable value at the network element.
• TRAP – When a network element changes its status, it sends a trap (message) to the management station.
For every SNMP command, a community string has to be specified. A community string is a text string that is
used as an authentication word. The VPN-1/FireWall-1 default string is “public” for GET commands, and
“private” for SET commands.
To learn more about the protocol, read RFC 1157.
In VPN-1/FireWall-1, SNMP is used on Network Objects definitions (the “SNMP fetch” button).
How to configure HP Open View to work with FireWall-1 4.0
Be aware that only the following versions of HP Open View are supported with FireWall-1 4.0:
• HP Open View for HPUX - versions 5.0 and below
• HP Open View for Solaris - versions 6.0 and below
See the configuration document for FireWall-1 4.0: “Installation/Update Procedure for HP Open View and
FireWall-1 Interoperability” (ID 55.0.4232364.2607295) in the Check Point Technical Services
SecureKnowledge site (29 pages).
Resolving Common SNMP Problems
This section lists some common problems and solutions from the Check Point Technical Services
SecureKnowledge knowledge base.
What to check first
1. First, check that the SNMP daemon is running. On the NT platform, check that the local SNMP service is
used, and if it doesn’t exist, add it by right-clicking on the Network Neighborhood icon and choosing
Properties. Then go to the Services tab and add the SNMP service. On Unix platforms, use the
VPN-1/FireWall-1 snmpd (the SNMP daemon, started automatically when the FireWall is started), which
is located in the $FWDIR/bin directory. If the OS SNMP daemon is already running, the FireWall-1
daemon starts on port 260, while the standard port (occupied by the other daemon) is 161. If the
SNMP daemon doesn’t work, run the snmpd command from $FWDIR/bin.
2. In FireWall-1 4.0, the FireWall-1 snmpd receives all SNMP connections and forwards them to the OS snmpd
(if it exists), unless they request FireWall-1 information.