Table 39-1 SNMP v2 Options
|
|
Trap Type
|
The trap type to use for IP addresses that appear in the alerts.
If your network management system correctly renders the INET_IPV4 address type, then you can select
as Binary
. Otherwise, select
as String
. For example, HP Openview requires the string type.
|
Trap Server
|
The server that will receive SNMP traps notification.
You can specify a single IP address or hostname.
|
Community String
|
The community name.
|
SNMP v3 Options
For SNMP v3, you can specify the options described in the following table.
Note When using SNMP v3, the appliance uses an Engine ID value to encode the message. Your SNMP server requires this value to decode the message. Currently, this Engine ID value will always be the hexadecimal version of the appliance’s IP address with 01
at the end of the string. For example, if the appliance sending the SNMP alert has an IP address of 172.16.1.50
, the Engine ID is 0xAC10013201
or, if the appliance has an IP address of 10.1.1.77
, 0x0a01014D01
is used as the Engine ID.
Configuring SNMP Responses
License:
Protection
You can configure SNMP alerting in an intrusion policy. After you apply the policy as part of an access control policy, the system notifies you of any intrusion events it detects via SNMP trap. For more details on SNMP alerting, see Using SNMP Responses.
To configure SNMP alerting options:
Step 1 Select
Configuration > ASA FirePOWER Configuration > Policies> Intrusion Policy
.
The Intrusion Policy page appears.
Step 2 Click the edit icon (
) next to the policy you want to edit.
If you have unsaved changes in another policy, click
OK
to discard those changes and continue. See Resolving Conflicts and Committing Policy Changes for information on saving unsaved changes in another policy.
The Policy Information page appears.
Step 3 Click
Advanced Settings
in the navigation panel on the left.
The Advanced Settings page appears.
Step 4 You have two choices, depending on whether
SNMP Alerting
under External Responses is enabled:
-
If the configuration is enabled, click
Edit
.
-
If the configuration is disabled, click
Enabled
, then click
Edit
.
The SNMP Alerting page appears.
A message at the bottom of the page identifies the intrusion policy layer that contains the configuration. See Using Layers in a Network Analysis or Intrusion Policy for more information.
Step 5 Specify the trap type format that you want to use for IP addresses that appear in the alerts,
as Binary
or
as String
.
Note If your network management system correctly renders the INET_IPV4 address type, then you can use the as Binary option. Otherwise, use the as String option. For example, HP OpenView requires the as String option.
Step 6 Select either SNMP v2 or SNMP v3:
-
To configure SNMP v2, enter the IP address and the community name of the trap server you want to use in the corresponding fields. See SNMP v2 Options.
-
To configure SNMP v3, enter the IP address of the trap server you want to use, an authentication password, a private password, and a user name in the corresponding fields. See SNMP v3 Options for more information.
Note You must select SNMP v2 or SNMP v3.
Note When you enter an SNMP v3 password, the password displays in plain text during initial configuration but is saved in encrypted format.
Step 7 Save your policy, continue editing, discard your changes, revert to the default configuration settings in the base policy, or exit while leaving your changes in the system cache. See Resolving Conflicts and Committing Policy Changes for more information.