Configuring Simple Network Management Protocol
Simple Network Management Protocol (SNMP) is one of the easiest ways to
manage a network device and to retrieve information from it. Many readers will
be familiar with SNMP on Cisco routers, but on the Cisco PIX, things are a bit
different. SNMP on the Cisco PIX is read only.
Do not use a weak SNMP community string. You should never use the default
of public as the SNMP string. This well-known and weak string defeats the purpose
of trying to secure your PIX firewall. The string you choose should not be a
dictionary-based word. For example, UcanN0tGuEe$$ME would be a very difficult
community string to guess, and most dictionary attacks would fail against it.
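The advice above can be turned into a check that runs before a community string is deployed. The following Python sketch is an added example, not part of the original text; the word list is a small constructed sample, and the 12-character minimum and the three-character-class rule are assumed policy values.

```python
import string

# Constructed sample word list; in practice load a real dictionary file.
WORDLIST = {"public", "private", "cisco", "firewall", "admin", "password",
            "secret", "monitor", "network", "snmp", "community", "router"}
DEFAULTS = {"public", "private"}   # well-known default community strings
# Undo common character substitutions (0->o, 1->i, 3->e, 4->a, 5->s, 7->t, ...).
LEET = str.maketrans("013457@$!", "oieastasi")
MIN_LENGTH = 12                    # assumed policy value, not from the page


def audit_community(community):
    """Return a list of findings; an empty list means no weakness was found."""
    findings = []
    lowered = community.lower()
    if lowered in DEFAULTS:
        findings.append("default community string")
    if len(community) < MIN_LENGTH:
        findings.append("shorter than %d characters" % MIN_LENGTH)
    # Normalize so that 'F1rew@ll' still matches the dictionary word 'firewall'.
    normalized = lowered.translate(LEET)
    letters_only = "".join(c for c in normalized if c.isalpha())
    hits = sorted(w for w in WORDLIST if w in letters_only)
    if hits:
        findings.append("dictionary-based (%s)" % ", ".join(hits))
    classes = [any(c.islower() for c in community),
               any(c.isupper() for c in community),
               any(c.isdigit() for c in community),
               any(c in string.punctuation for c in community)]
    if sum(classes) < 3:
        findings.append("uses fewer than three character classes")
    return findings


if __name__ == "__main__":
    for candidate in ("public", "F1rew@ll2003", "UcanN0tGuEe$$ME"):
        print(candidate, "->", audit_community(candidate) or "no findings")
```

The second candidate shows why simple character substitution is not enough: once normalized, it is still built on a dictionary word.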
There are three versions of SNMP. Here we focus on version 1 because
that is the version the PIX firewall supports. Various SNMP managers are available
to manage the PIX firewall using SNMP. We have listed a few of them here:
HP OpenView
SolarWinds
CiscoWorks
Castle Rock SNMPc
The Multi Router Traffic Grapher (MRTG)
www.syngress.com
Configuring System Management • Chapter 6 317
The one SNMP application that deserves special mention is the Multi
Router Traffic Grapher (MRTG). Strictly speaking, MRTG is not an SNMP
manager application but a graphing application that uses SNMP to collect data
and produce graphs. MRTG generates graphs based on polled SNMP values.
These graphs can then be embedded into documents, Web pages, or e-mail. MRTG
is free for download and is available at www.mrtg.org. MRTG works well with
the PIX firewall. An example of using MRTG with the PIX firewall can be
found at www.somix.com/software/mrtg. This Web site provides a script for
monitoring the number of connections on a PIX firewall.
In order to make good use of SNMP to monitor the PIX firewall, you need
to download the Cisco PIX Management Information Bases (MIBs). These MIBs
can be found at www.cisco.com/public/sw-center/netmgmt/cmtk/mibs.shtml.
Once you have downloaded the MIBs, you need to compile them in your
SNMP manager before you can use them to manage the Cisco PIX beyond
some simple OIDs.
There are two ways to get SNMP information from the PIX firewall. The
first is to query the PIX using SNMP. The host will send a query to the PIX
(also known as polling it for information) and receive a response. The second way
is to have the PIX send “traps” to the SNMP management station. The traps sent
are not the same as polled OIDs. A trap is a message that the PIX sends based on
an event that has occurred, such as a link going up or down or a syslog event.
Polling can be used to retrieve information or values that can be displayed by the
SNMP management station in the form of gauges, bar charts, or another format.
Polling can also retrieve system information about the PIX, such as the software
version, interface statistics, and CPU utilization.