Tz470/Tz570 SNMP on Port "X1"
MS500
Newbie ✭
Dear community: We recently started deploying Tz470/Tz570. Even though we are running the latest firmware, we are unable to retrieve any SNMP information from X1. The other ports (X2, X3,...) work fine. We are not even getting standard info such system, interface, etc. We never experienced this issue with previous generations of Tz Firewalls. Has anybody else experienced this?
Category: Entry Level Firewalls
0
Answers
Is SNMP enabled on the X1 interface management settings? Have you run a packet capture to ensure the packets are hitting the interface?
Thank you for your comment. Yes, SNMP is enabled on all WAN ports. Perhaps the ISP is blocking port 161. I am trying to prove that through packet capture. I wish the Tz platform was allowing to customize the SNMP port.
Cheers.
@MS500 did you tried to use an Inbound NAT Rule to open a different Port for SNMP and translate it to 161? Don't forget to create a proper Access Rule covering the new Port for Traffic to X1 IP and limit the Source of this rule to the static IP of your Monitoring System if possible. Having SNMP exposed to the public is IMHO not a good idea any probably the reason why your ISP decided to block it or using the port for the CPE.
--Michael@BWC