Introduction to NSFOCUS WAF SNMP

Introduction to NSFOCUS WAF SNMP

dezembro 22, 2023 | NSFOCUS

Simple Network Management Protocol (SNMP) is an application-layer protocol that transmits management data between network devices. SNMP belongs to the Transmission Control Protocol/Internet Protocol (TCP/IP) family and is one of the most widely used network protocols for managing and monitoring network components across a variety of industries. The majority of network components come with an integrated SNMP agent. To connect with network monitoring tools or the network management system, these agents have to be activated and set up. Afterward, SNMP can be used to gather and organize data about each device. NSFOCUS WAF supports sending logs to an SNMP server for storage.

Click Download on the page to download the management information base (MIB) file of WAF to a local disk drive. Which MIB file is used depends on the log standard selected for web access logs (WEB_ACL) on the Log Sending Parameter Configuration page. If WAF_DEFAULT is selected, WAFV6-DEFAULT-MIB is used. If APACHE_ECLF is selected, WAFV6-ECLF-MIB is used.

NSFOCUS WAF supports SNMPv1, v2c, and v3.

  • SNMP Version 1 (SNMPv1)

SNMP version 1 was the first implementation of SNMP, and it supports 32-bit counters, which limit its ability to secure a system, specifically due to the relatively slow rate at which it can process information—32 bits at a time.  It uses clear-text community strings, which work like passwords or user IDs to allow access to device data.  However, this kind of authentication is less secure than what the newer versions use.

  • SNMP Version 2 (SNMPv2)

SNMP version 2 replaces the 32-bit counters with 64-bit ones.  But despite this improvement, it still has the same issues that come with community strings.

  • SNMP Version 3 (SNMPv3)

Version 3 comes with a combination of authentication and encryption options, which allows it to prevent unauthorized access, as well as attempts by hackers to spy on communications.  As a result, SNMPv3 is more secure than the previous two versions.

Parameters for creating an SNMPv3 agent

ParameterDescription
User NameSpecifies the SNMPv3 user name.
Authentication ProtocolSpecifies the protocol used for authentication, which can be MD5 or SHA.
Authentication KeySpecifies the key used for authentication.
Encryption ProtocolSpecifies the encryption algorithm used for transmitting messages, which can be DES or AES.
Encryption KeySpecifies the key used for encryption.
Security GradeSpecifies the minimum security level for a user’s access, which can be Not authenticated, Authenticated, or Authenticated and encrypted.

Parameters for configuring SNMPv3 trap

ParameterDescription
Destination HostSpecifies the host that receives SNMP trap alerts sent by WAF. You can type an IPv4 or IPv6 address, for example, 192.168.1.0 or 2001:abcd:123:1::.
Receiving PortSpecifies the port for receiving SNMP trap alerts.
User NameSpecifies the SNMPv3 user name.
Authentication ProtocolSpecifies the protocol used for authentication, which can be MD5 or SHA.
Authentication KeySpecifies the key used for authentication.
Encryption ProtocolSpecifies the encryption algorithm used for transmitting messages, which can be DES or AES.
Encryption KeySpecifies the key used for encryption.
Security GradeSpecifies the minimum security level for a user’s access, which can be Not authenticated, Authenticated, or Authenticated and encrypted.
engineIDSpecifies the ID of the SNMP engine. The ID is a 16-bit hexadecimal digit without starting with 0x.