Add SNMP Hosts

Use Host to add or edit entries in the SNMP Hosts table on the SNMP page. These entries represent SNMP management stations allowed to access the threat defense device.

You can add up to 8192 hosts. However, only 128 of this number can be for traps.

Note

In 7.4 and later, the Management and Diagnostic interfaces are merged. If Platform Settings for syslog servers or SNMP hosts specify the Diagnostic interface by name, then you must use separate Platform Settings policies for merged and non-merged devices (7.3 and earlier, and some upgraded 7.4 FTDs).

Before you begin

Ensure that the network objects that define the SNMP management stations exist. Select Device > Object Management to configure network objects.

Note	The supported network objects include IPv6 hosts, IPv4 hosts, IPv4 range and IPv4 subnet addresses.

Procedure

Step 1

Choose Devices > Platform Settings and create or edit the threat defense policy.

Step 2

Click SNMP > Hosts.

Step 3

Click Add.

Step 4

In the IP Address field, either enter a valid IPv6 or IPv4 host or select the network object that defines the SNMP management station's host address.

The IP address can be an IPv6 host, IPv4 host, IPv4 range or IPv4 subnet.

Step 5

Select the appropriate SNMP version from the SNMP version drop-down list.

Step 6

(SNMPv3 only.) Select the username of the SNMP user that you configured from the User Name drop-down list.

Note	You can associate up to 23 SNMP users per SNMP host.

Step 7

(SNMPv1, 2c only.) In the Read Community String field, enter the community string that you have already configured, for read access to the device. Re-enter the string to confirm it.

Note	This string is required, only if the string used with this SNMP station is different from the one already defined in the Enable SNMP Server section.

Step 8

Select the type of communication between the device and the SNMP management station. You can select both types.

Poll—The management station periodically requests information from the device.
Trap—The device sends trap events to the management station as they occur.

Note	When the SNMP host IP address is either an IPv4 range or an IPv4 subnet, you can configure either Poll or Trap, not both.

Step 9

In the Port field, enter a UDP port number for the SNMP host. The default value is 162. The valid range is 1 to 65535.

Step 10

Select the interface type for communication between the device and the SNMP management station under the Reachable By options. You can select either the device's Management interface or an available security zone/named interface.

Device Management Interface—Communication between the device and the SNMP management station occurs over the Management interface.
- When you choose this interface for SNMPv3 polling, all configured SNMPv3 users are allowed to poll and are not restricted to the user chosen in Step 6. Here, SNMPv1 and SNMPv2c are not allowed from an SNMPv3 host.
- When you choose this interface for SNMPv1 and SNMPv2c polling, the polling is not restricted at all to the version selected in Step 5.
Security Zones or Named Interface—Communication between the device and the SNMP management station occurs over a security zone or interface.
- Search for zones in the Available Zones field.
- Add the zones that contain the interfaces through which the device communicates with the management station to the Selected Zone/Interface field. For interfaces not in a zone, you can type the interface name into the field below the Selected Zone/Interface list and click Add. You can also choose a loopback interface and virtual-router-aware interfaces. The host will be configured on a device only if the device includes the selected interfaces or zones.

Step 11

Click OK.

Step 12

Click Save.

You can now go to Deploy > Deployment and deploy the policy to assigned devices. The changes are not active until you deploy them.