Add SNMP hosts

Define SNMP hosts and their communication parameters to enable SNMP management stations to access and monitor the device. This task allows you to specify which hosts are permitted and how they communicate with the device.

Use Host to add or edit entries in the SNMP Hosts table on the SNMP page. These entries represent SNMP management stations allowed to access the Firewall Threat Defense device.

You can add up to 8192 hosts. Only 128 of this number can be for traps.

Note

In 7.4 and later, the Management and Diagnostic interfaces are merged. If Platform Settings for syslog servers or SNMP hosts specify the Diagnostic interface by name, then you must use separate Platform Settings policies for merged and non-merged devices (7.3 and earlier, and some upgraded 7.4 FTDs).

Before you begin

Ensure that the network objects that define the SNMP management stations exist. Select Device > Object Management to configure network objects.

Note

The supported network objects include IPv6 hosts, IPv4 hosts, IPv4 range and IPv4 subnet addresses.

Procedure

Step 1

Choose Devices > Platform Settings and create or edit the Firewall Threat Defense policy.

Step 2

Choose SNMP > Hosts tab.

Step 3

Click Add and completed the following:

  1. In the IP Address field, either enter a valid IPv6 or IPv4 host or select the network object that defines the SNMP management station's host address.

    The IP address can be an IPv6 host, IPv4 host, IPv4 range or IPv4 subnet.

  2. Select the appropriate SNMP version from the SNMP version drop-down list.

  3. (SNMPv3 only.) Select the username of the SNMP user that you configured from the User Name drop-down list.

    Note
    You can associate up to 23 SNMP users per SNMP host.

  4. (SNMPv1, 2c only.) In the Read Community String field, enter the community string that you have already configured, for read access to the device. Re-enter the string to confirm it.

    Note
    This string is required, only if the string used with this SNMP station is different from the one already defined in the Enable SNMP Server section.

  5. Select the type of communication between the device and the SNMP management station. You can select both types. Choose from:

    • Poll—The management station periodically requests information from the device.

    • Trap—The device sends trap events to the management station as they occur.

    Note
    When the SNMP host IP address is either an IPv4 range or an IPv4 subnet, you can configure either Poll or Trap, not both.

  6. In the Port field, enter a UDP port number for the SNMP host. The default value is 162. The valid range is 1 to 65535.

  7. Select the interface type for communication between the device and the SNMP management station under the Reachable By options. You can select either the Management interface of the device or an available security zone/named interface. Choose from:

    • Device Management Interface—Communication between the device and the SNMP management station occurs over the Management interface.

      • When you choose this interface for SNMPv3 polling, all configured SNMPv3 users are allowed to poll and are not restricted to the user chosen in 3.c. Here, SNMPv1 and SNMPv2c are not allowed from an SNMPv3 host.

      • When you choose this interface for SNMPv1 and SNMPv2c polling, the polling is not restricted at all to the version selected in 3.b.

    • Security Zones or Named Interface—Communication between the device and the SNMP management station occurs over a security zone or interface.

      • Search for zones in the Available Zones field.

      • Add the zones that contain the interfaces through which the device communicates with the management station to the Selected Zone/Interface field. For interfaces not in a zone, you can type the interface name into the field below the Selected Zone/Interface list and click Add. You can also choose a loopback interface and virtual-router-aware interfaces. The host will be configured on a device only if the device includes the selected interfaces or zones.

      Note

      VTI tunnel interfaces are not supported for SNMP.

Step 4

Click OK.

Step 5

Click Save.

You can now go to Deploy > Deploy and deploy the policy to assigned devices. The changes are not active until you deploy them.