Configure SNMP for a security device

Configure SNMP monitoring to allow network management stations to monitor the health and status of Cisco security devices. This task enables centralized visibility and management of devices using SNMP.

  • Enable SNMP so that SNMP management stations can monitor devices.

  • SNMP versions 1, 2c, and 3, including traps and read access, are supported. SNMP write access is not supported.

Simple Network Management Protocol (SNMP) defines a standard way for network management stations running on PCs or workstations to monitor the health and status of many types of devices, including switches, routers, and security appliances. You can use the SNMP page to configure a firewall device for monitoring by SNMP management stations.

SNMPv3 supports read-only users and encryption with DES (deprecated), 3DES, AES256, AES192, and AES128.

The DES option has been deprecated. If your deployment includes SNMPv3 users that use DES encryption and were created using a version earlier than 6.5, you can continue to use those users for Firewall Threat Defense devices running versions 6.6 or earlier. However, you cannot edit those users and retain DES encryption, and you cannot create new users with DES encryption. If your Cloud-Delivered Firewall Management Center manages any Firewall Threat Defense devices running Versions 7.0+, deploying a platform settings policy that uses DES encryption to those Firewall Threat Defense devices will fail.

Note
  • You can configure SNMP only on Routed and Diagnostic interfaces.

  • To create an alert to an external SNMP server, access Administration > Alerts.

Procedure


Step 1

Choose Devices > Platform Settings and create or edit the Firewall Threat Defense policy.

Step 2

Select SNMP.

Step 3

Enable SNMP, and configure basic options.

  • Enable SNMP Servers—Whether to provide SNMP information to the configured SNMP hosts. You can deselect this option to disable SNMP monitoring while retaining the configuration information.
  • Read Community String, Confirm—Enter the password used by an SNMP management station when sending requests to the Firewall Threat Defense device. The SNMP community string (also known as the password) is a shared secret among the SNMP management stations and the network nodes. The security device uses this password to determine whether an incoming SNMP request is valid. The password is a case-sensitive alphanumeric string of up to 32 characters; spaces and special characters are not permitted.
  • System Administrator Name—Enter the name of the device administrator or other contact person. This string is case-sensitive and can be up to 127 characters. Spaces are accepted, but multiple spaces are shortened to a single space.
  • Location—Enter the location of this security device (for example, Building 42, Sector 54). This string is case-sensitive and can be up to 127 characters. Spaces are accepted, but multiple spaces are shortened to a single space.
  • Port—Enter the UDP port on which incoming requests will be accepted. The default is 161.

Step 4

(SNMPv3 only.) Add SNMPv3 users.

Step 5

Add SNMP hosts.

Step 6

Configure SNMP traps.

Step 7

Click Save.

You can now go to Deploy > Deploy and deploy the policy to assigned devices. The changes are not active until you deploy them.
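
A pre-deployment check of planned values against the field limits and the DES restriction stated on this page, as an added example (not Cisco code). The settings dictionary layout, the function names and the sample values are assumptions made for illustration.

```python
import re

# Limits below come from the field descriptions on this page.
COMMUNITY_RE = re.compile(r"[A-Za-z0-9]{1,32}")
MAX_TEXT = 127
SUPPORTED_ENC = {"3DES", "AES128", "AES192", "AES256"}  # DES is handled separately

def normalize_text(value):
    """Collapse runs of spaces to a single space, as the device does."""
    return re.sub(r" {2,}", " ", value)

def lint_snmp_settings(settings, device_version):
    """Return (severity, message) findings for a planned SNMP policy.
    settings is a hypothetical dict layout used only by this example;
    device_version is (major, minor) of the target device."""
    findings = []
    community = settings.get("read_community")
    if community and not COMMUNITY_RE.fullmatch(community):
        findings.append(("error", "read community: max 32 alphanumeric characters"))
    for field in ("contact", "location"):
        if len(normalize_text(settings.get(field, ""))) > MAX_TEXT:
            findings.append(("error", f"{field}: longer than {MAX_TEXT} characters"))
    port = settings.get("port", 161)  # 161 is the documented default
    if not isinstance(port, int) or not 1 <= port <= 65535:
        findings.append(("error", "port: not a valid UDP port"))
    for user in settings.get("v3_users", []):
        enc = user.get("encryption", "").upper()
        if enc == "DES" and device_version >= (7, 0):
            findings.append(("error", f"{user['name']}: DES policy deploy fails on 7.0+"))
        elif enc == "DES":
            findings.append(("warning", f"{user['name']}: DES is deprecated"))
        elif enc not in SUPPORTED_ENC:
            findings.append(("error", f"{user['name']}: unsupported encryption {enc!r}"))
    return findings

# Constructed sample values, not taken from any real deployment.
SAMPLE = {
    "read_community": "mon!tor ro",  # contains a special character and a space
    "contact": "NOC   on-call",
    "location": "Building 42, Sector 54",
    "port": 161,
    "v3_users": [{"name": "nms-legacy", "encryption": "DES"},
                 {"name": "nms-ro", "encryption": "AES256"}],
}

if __name__ == "__main__":
    for severity, message in lint_snmp_settings(SAMPLE, (7, 2)):
        print(severity, message)
```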