Activate the SNMP agent on NGFW Engines

The SNMP Agent is responsible for SNMP-related tasks on the NGFW Engines.

Before you begin

If you use SNMPv3, there must be one or more user names defined in the properties of the SNMP Agent element.

When you use SNMPv3, you can specify the SNMP engine ID for each single NGFW Engine and each node of NGFW Engine clusters. The SNMP engine ID is a unique identifier for the NGFW Engine that is used by the SNMP agent. The engine ID is used with a hash function to generate keys for authentication and encryption of SNMPv3 messages. If you do not specify the SNMP engine ID, an SNMP engine ID is automatically generated.

For more details about the product and how to configure features, click Help or press F1.

Steps

  1. Right-click an engine element, then select Edit <element type>.
  2. In the navigation pane on the left, browse to General > SNMP and LLDP.
  3. From the SNMP Agent drop-down list, select the SNMP Agent that you want to activate.
  4. In the SNMP Location field, enter the string that is returned on queries to the SNMPv2-MIB or SNMPv2-MIB-sysLocation object.
  5. In the Listening IP Addresses field, add one or more IPv4 or IPv6 addresses.
  6. (Optional, SNMPv3 only) Specify the value of the SNMP Engine ID option.
    • Single NGFW Engines — In the SNMP Engine ID field, enter a unique identifier for the NGFW Engine.
    • NGFW Engine clusters — Browse to General > Clustering, then enter a unique identifier for each node in the SNMP Engine ID cell.
  7. Click Save and Refresh to transfer the changes.

Engine Editor > General > SNMP and LLDP

Use this branch to enable the NGFW Engine to send SNMP traps and to select the LLDP Profile for the NGFW Engine.

Note: These settings are not supported for Virtual NGFW Engines.
Option Definition
SNMP section
SNMP Agent Enables the NGFW Engine to send SNMP traps.
  • Select — Select an existing SNMP Agent element.
  • None — Disables the sending of SNMP traps.
  • New — Create an SNMP Agent element.
SNMP Location Specifies the SNMP location string that is returned on queries to the SNMPv2-MIB or SNMPv2-MIB-sysLocation object.
SNMP Engine ID

(Single NGFW Engines and SNMPv3 only)

A unique identifier for the NGFW Engine that is used by the SNMP agent.

The engine ID is used with a hash function to generate keys for authentication and encryption of SNMPv3 messages. If you do not specify the SNMP engine ID, an SNMP engine ID is automatically generated.

Listening IP Addresses The IPv4 or IPv6 addresses from which SNMP traps are sent. Click Add to add an element to the list, or Remove to remove the selected element.
LLDP section
LLDP Profile

(NGFW Engines and Master NGFW Engines in the Firewall/VPN role only)

The LLDP Profile element that specifies settings for LLDP announcements that the NGFW Engine announces. Click Select to select an element.

Engine Editor > General > Clustering

Use this branch to view nodes and add new nodes to the NGFW Engine cluster.

Option Definition
Node ID

(Not editable)

Shows the ID number of the node.
Name Specifies the name of the node. Double-click the cell to edit the name.
Configuration Status

(Not editable)

Shows the configuration status of the node.
Certificate

(Optional)

Shows information about the node's certificate for external certificate management. Right-click the cell, then select Edit Certificate to create a certificate request for the NGFW Engine node.

You must create a separate certificate request for each NGFW Engine node.

Version

(Not editable)

Shows the version of the NGFW Engine software that is installed on the engine.
Comment

(Optional)

A comment for your own reference.
SNMP Location Specifies the SNMP location string that is returned on queries to the SNMPv2-MIB or SNMPv2-MIB-sysLocation object.
SNMP Engine ID

(SNMPv3 only)

A unique identifier for each NGFW Engine node that is used by the SNMP agent.

The engine ID is used with a hash function to generate keys for authentication and encryption of SNMPv3 messages. If you do not specify the SNMP engine ID, an SNMP engine ID is automatically generated.

Disabled Disables the node. You can enable the node later.
Add Node Adds a node to the cluster. Opens the Engine Node Properties dialog box.
Edit Node Allows you to change the properties of the selected node. Opens the Engine Node Properties dialog box.
Remove Node Deletes the selected node. The deleted node cannot be restored.
Clustering Mode

(Not Layer 2 Firewalls)

  • Balancing — All nodes are simultaneously online providing enhanced performance and high availability if there is node failure. Balancing mode is the default mode.
  • Standby — Only one node can be online at a time. We recommend having at least one other node on standby to allow automatic takeover if there is failure. Several nodes can be on standby at a time. A randomly selected standby node is turned online when the online node fails.
Note: Only standby clustering mode is supported for Layer 2 Firewall Clusters.
Clustering Allows you to change advanced settings for the cluster. Opens the Advanced Cluster Settings dialog box.

Select dialog box (for SNMP listening IP addresses)

Use this branch to select the IP addresses from which SNMP traps are sent.

Option Definition
Select Interface Lists the available interfaces and their IP addresses. You can select one or more interfaces.
Select Adds the selected IP addresses to the configuration and closes the window.