Remote SNMP Howto?
-
I have a pfsense installation that I would like to monitor via SNMP. How do I set it up so that the snmp agent is exposed on the wan interface? I'd like to protect it with a rule that restricts the traffic based on source.
Thanks.
-
Adding a rule that allows UDP/161 inbound (with restrictions based on source) should be sufficient.
Naturally, you have to enable snmp too…
-Rob
-
hmmm. i tried that with no luck. snmp service enabled on pfsense. rule passing snmp traffic. attempting to poll the external wan IP address. I get no snmp response. internally on the trusted interface it responds fine. This however doesnt help me much as I need to monitor it from a remote site.
I'll keep messing with it.
-
Where did you create the rule?
On WAN?
Is the order of the rules so that your "allow SNMP rule" is at the top (an has an effect)? -
IIRC, there's something in the docs about this. I think you have to create a static route. Check the docs.
-
I think you mean this:
http://doc.pfsense.org/index.php/Why_can%27t_I_query_SNMP%2C_use_syslog%2C_NTP%2C_or_other_services_initiated_by_the_firewall_itself_over_IPsec_VPN%3F
I thought that was only with an IPSec tunnel, but it's worth a shot… -
I perform this all the time. I just create a rule on the WAN interface allowing access to the WAN ip via the UDP protocol on port 161.
Now, getting this to work on a 2nd or 3rd WAN interface, I have NEVER been able to get it to work, however :( .
-
I also am trying to monitor via SNMP remotely from the wan side however this particular box has the lan bridged to the wan to pass through a .248 live subnet. I keep getting msgs that the pfsense box is not responding to the requests. I have confirmed that SNMP is active.
I should add that "enable filtering bridge" is currently disabled.
Anyone know what a rule should look like here?