How To Configure Cyberoam as SNMP Agent

Transcription

1 How To Configure Cyberoam as SNMP Agent Applicable to Version: onwards The Cyberoam SNMP implementation is read-only. SNMP v1, v2c and v3 compliant SNMP managers have read-only access to Cyberoam system information and can receive Cyberoam traps. Cyberoam supports custom (Cyberoam proprietary) Management Information Base (MIB) generating trap messages and for Cyberoam to reply to the SNMP GET commands for MIB via configured interface you need to download Cyberoam MIB. Configure SNMP from the Web Admin Console. Configuring SNMP is a four-step process as follows: Download Cyberoam MIB attached with this document and load in your SNMP Manager device. Start SNMP server as by default SNMP server is not ON Create Agent Create Community (SNMP v1 and v2c) or User (SNMP v3) Create Firewall rule to allow SNMP traffic Step 1. Start SNMP server Go to System SNMP Manage SNMP and click Start Step 2. Configure Cyberoam as SNMP Agent 1. Select System SNMP Agent Configuration 2. Specify a name to identify the Agent 3. Specify System Location. It is the physical location e.g. name of the department or city, where Cyberoam appliance is deployed. 4. Specify System Contact. It is the contact information e.g. name or address, of the person responsible for the above-specified Cyberoam appliance. 5. Specify Manager Port. Cyberoam will use this port to send traps. Remote SNMP Management station/manager will use this port to connect to the Cyberoam appliance. 6. Specify 7. Click Update to save the details Step 3. Create SNMP community (if SNMP manager supports SNMP v1 and v2c) 1. Select System SNMP Create Community 2. Specify a name to identify the Community 3. Specify IP address of the SNMP Manager that can use the settings in the SNMP community to monitor Cyberoam. 4. Enable the required SNMP protocol version support. SNMP v1 and v2c compliant SNMP managers have read-only access to Cyberoam system information and can receive Cyberoam traps. 5. Enable the required version for trap support. Traps will be sent to the SNMP Managers who support the specified versions only. 6. Specify 7. Click Create Step 3. Create V3 user (if SNMP manager supports SNMP v3) Go to System SNMP Create V3 User and create user by specifying username and password for the user account. Please note, only authenticated user can request information.

2 Step 4. Create firewall rule to allow SNMP traffic Go to Firewall Create Rule and create firewall rule with the following parameters: Parameter Source Destination Service Apply Schedule Action Value Zone Zone in which SNMP server is placed Host SNMP server Zone Local Host Any Host SNMP All the Time Accept This completes the SNMP configuration in Cyberoam. Using SNMP Manager, you can access SNMP traps from the Interface configured in Cyberoam. SNMP Traps All the SNMP communities added in Cyberoam receive traps. Traps include trap message as well as the Cyberoam unit serial number or Cyberoam WAN IP address. To receive traps, SNMP Manager must load and compile the Cyberoam MIB. If SNMP manager has already included standard and private MIBs in a compiled database then add the Cyberoam proprietary MIB to that database. Cyberoam generates following traps, when the specified events or conditions occur: Traps highcpuusage High CPU usage i.e. CPU usage exceed 90% highdiskusage High Disk usage i.e. Disk usage exceed 90% highmemusage High Memory usage i.e. memory usage exceed 90% httpvirus smtpvirus pop3virus imap4virus ftpvirus linktoggle synflood tcpflood udpflood icmpflood HTTP virus detected by Cyberoam SMTP virus detected by Cyberoam POP3 virus detected by Cyberoam IMAP virus detected by Cyberoam FTP virus detected by Cyberoam Change of link status (up or down) DoS attack SYN flood detected by Cyberoam DoS attack TCP flood detected by Cyberoam DoS attack UDP flood detected by Cyberoam DoS attack ICMP flood detected by Cyberoam

3 Cyberoam MIB To monitor Cyberoam system information and receive Cyberoam traps then compile Cyberoam proprietary MIBs into SNMP manager. The Cyberoam replies to SNMP Get commands for MIB via configured interface. Download the attached custom Cyberoam MIB and load into any third-party SNMP management software. The Cyberoam MIB contains fields that report current Cyberoam Appliance status information. The tables below list the names of the s and describe the status information available for each. You can view more details about the information available from all Cyberoam s by compiling the cyberoam.mib file into your SNMP manager. Cyberoam supports following read-only MIB objects/fields: Cyberoam Appliance s (sysinstall) appliancekey appliancemodel cyberoamversion wabcatversion avversion asversion idpversion Appliance key number of the Cyberoam Appliance in use Appliance model number of the Cyberoam Appliance in use The Cyberoam version currently running on the Cyberoam Appliance. The Webcat version installed on the Cyberoam Appliance The antivirus definition version installed on the Cyberoam Appliance The antispam definition version installed on the Cyberoam Appliance The IDP signature definition version installed on the Cyberoam Appliance System s (sysstatus) cyberoamopmode systemdate cpupercentageusage diskcapacity diskusage memorycapacity memorypercentageusage swapcapacity swappercentageusage hamode The Cyberoam appliance operation mode - Transparent or Bridge Current date The current CPU usage (as a percent) The hard disk capacity (MB) The current hard disk usage (MB) The memory capacity (MB) The current memory utilization (as a percent) The swap capacity (MB) The current swap utilization (as a percent). The current Cyberaom High-Availability (HA) mode (standalone, A-P) liveusers httphits ftphits The current live connected users i.e. logged on users in Cyberoam Total HTTP hits Total TTP hits

4 pop3hits imaphits smtphits pop3service imapservice smtpservice ftpservice httpservice avservice asservice dnsservice haservice IDPService analyzerservice snmpservice Total POP3 hits Total IMAP hits Total SMTP hits The current status of POP3 service The current status of IMAP service The current status of SMTP service The current status of FTP service The current status of HTTP service The current status of AntiVirus service The current status of AntiSpam service The current status of DNS The current status of HA The current status of IDP service The current status of Analyzer The current status of SNMP License s (syslicesne) appregstatus (liappliance) appexpirydate (liappliance) supportsubstatus (lisupport) (lisupport) avsubstatus (liantivirus) (liantivirus) assubstatus (liantispam) (liantispam) idpsubstatus (liidp) Current Registration status of Cyberoam Appliance Expiry date of the Cyberoam Appliance, if Appliance is the Demo Appliance Current subscription status for Cyberoam Support Subscription Expiry date for Cyberoam Support, if subscribed Current subscription status for AntiVirus module Subscription Expiry date for AntiVirus module, if subscribed Current subscription status for AntiSpam module Subscription Expiry date for AntiSpam module, if subscribed Current subscription status for IDP module

5 (liidp) webcatsubstatus (liwebcat) (liwebcat) Subscription Expiry date for IDP module, if subscribed Current subscription status for Web and Application Filter module Subscription Expiry date for Web and Application Filter module, if subscribed Alert (sysalerts) highcpuusage High CPU usage i.e. CPU usage exceed 90% highdiskusage High Disk usage i.e. Disk usage exceed 90% highmemusage High Memory usage i.e. memory usage exceed 90% httpvirus smtpvirus pop3virus imap4virus ftpvirus linktoggle (dgdalerts) idpalert1 (idpalerts) synflood tcpflood udpflood icmpflood HTTP virus detected by Cyberoam SMTP virus detected by Cyberoam POP3 virus detected by Cyberoam IMAP virus detected by Cyberoam FTP virus detected by Cyberoam Change of link status (up or down) IDP alert DoS attack SYN flood detected by Cyberoam DoS attack TCP flood detected by Cyberoam DoS attack UDP flood detected by Cyberoam DoS attack ICMP flood detected by Cyberoam Document Version: /03/2011