Configuring SNMPv3 in ScreenOS Devices (NSM Procedure)
The Simple Network Management Protocol (SNMP) agent for a Juniper
Networks security device provides network administrators with a way
to view statistical data about the network and the devices on it and
to receive notification of system events of interest.
Juniper Networks security devices support SNMPv1, SNMPv2c, and
SNMPv3. Security devices are not shipped with a default configuration
for SNMPv3. To configure your security device for SNMPv3, you must
first create a unique engine ID to identify an SNMP entity and a user-based
security model (USM) with the respective privilege and password. By
default, the SNMPv3 engine ID is the serial number of the device.
When you create a USM, you can specify the authentication type
(MD5, SHA, or None). The selected authentication type computes a message
digest for each block of data, and the same block of data always yields
an identical digest. The USM requires a password and
uses Data Encryption Standard (DES) to encrypt and decrypt the SNMPv3
packets.
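How the USM password and the engine ID combine into an authentication key can be seen in the standard SNMPv3 key-localization algorithm from RFC 3414. This is an added example, not ScreenOS or NSM code; it assumes the device follows RFC 3414, uses the test password and engine ID published in that RFC, and adds a second, constructed engine ID for comparison.

```python
import hashlib

def password_to_key(password: bytes, algo: str) -> bytes:
    """RFC 3414 A.2: digest of the password repeated to exactly 1 MiB (Ku)."""
    if not password:
        raise ValueError("USM password must not be empty")
    reps, rem = divmod(1048576, len(password))
    return hashlib.new(algo, password * reps + password[:rem]).digest()

def localize_key(ku: bytes, engine_id: bytes, algo: str) -> bytes:
    """Bind Ku to one SNMP engine: Kul = H(Ku || engineID || Ku)."""
    return hashlib.new(algo, ku + engine_id + ku).digest()

def usm_auth_key(password: bytes, engine_id: bytes, algo: str) -> bytes:
    """Localized authentication key for one user on one engine."""
    return localize_key(password_to_key(password, algo), engine_id, algo)

# Test password and engine ID published in RFC 3414, appendix A.3.
RFC_PASSWORD = b"maplesyrup"
RFC_ENGINE_ID = bytes.fromhex("000000000000000000000002")
# Constructed second engine ID, standing in for a different device.
OTHER_ENGINE_ID = bytes.fromhex("000000000000000000000003")

if __name__ == "__main__":
    for algo in ("md5", "sha1"):  # the MD5 and SHA authentication types
        for eid in (RFC_ENGINE_ID, OTHER_ENGINE_ID):
            print(algo, eid.hex(), usm_auth_key(RFC_PASSWORD, eid, algo).hex())
```

The same password produces unrelated keys for the two engine IDs, which is why each device needs a unique engine ID and why a management station must derive its key from the engine ID the device currently reports.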
To configure SNMPv3 features in ScreenOS devices:
- In the NSM navigation tree, select Device Manager > Devices. The Device Tree page appears.
- Click the Device Tree tab, and then double-click the security device for which you want to configure SNMPv3 features.
- In the Configuration page, select Report Settings > SNMPv3. The SNMPv3 page appears.
- Add or modify the SNMPv3 features as described in Table 1.
- Click one:
  - OK—Saves the changes.
  - Cancel—Cancels the modifications.
Table 1: Configuring SNMPv3 Features in ScreenOS Devices

| Tab | Option | Description |
|---|---|---|
| SNMPv3 > Basic tab | Local Engine ID | Identifies an SNMP entity and a USM with the respective privilege and password. |
| SNMPv3 > USM User tab | User Name | Specifies the username of the USM. |
| | Auth Protocol | Specifies an authentication type. Select a value from the drop-down list. When you select either MD5 or SHA, you are prompted to enter an authentication password. |
| SNMPv3 > View tab | View Name | Specifies the view name of the model. Each view is tagged with an object identifier (OID) and mask values. |
| | Oid | Specifies the object identifier. The format to enter an OID: Begin with “.” and separate by “.”. For example, .3.4.5.2 |
| | Mask | Specifies the mask values of the view model. You can enter a two-digit value only. |
| | Type | Specifies if you want to include or exclude an IP address entry from the address list of the MIB tables. |
| SNMPv3 > Access Group tab | Group | Specifies the access group name. |
| | Security Model | Specifies the security model for the access group. |
| | Security Level | Specifies the security level for the access group. |
| | Notify | Specifies the notification parameter for the access group. |
| | Read | Specifies the read access privilege for the access group. |
| | Write | Specifies the write access privilege for the access group. |
| SNMPv3 > Community tab | Community Name | Specifies the community name that is in combination with an access group. |
| | Tag | Specifies the tag name. Each community is tagged. |
| SNMPv3 > Sec-to-group Mapping tab | Group | Specifies the group name of the group section map. |
| | Security Model | Specifies the security model of the group section. |
| | Mapping User | Specifies the username that is mapped with the USM. |
| SNMPv3 > Filter tab | Filter Name | Specifies the filter name. A security device can support up to 32 SNMPv3 filters. |
| | Oid | Specifies the object identifier. The format to enter an OID: Begin with “.” and separate by “.”. For example, .3.4.5.2 |
| | Mask | Specifies the mask values of the filter. You can enter a two-digit value only. |
| | Type | Specifies if you want to include or exclude an IP address entry from the address list of the MIB tables. |
| SNMPv3 > Target Parameter tab | Target Parameter Name | Specifies the target parameter name that is used while sending a trap to a target. A security device can support up to 32 target parameters. |
| | Filter | Specifies the filter that you have created. Each filter is tagged to a target (host). |
| | Security Model | Specifies the security model of the target parameter. |
| | Security Level | Specifies the security level of the target parameter. |
| | Community | Specifies the community that you have created. |
| SNMPv3 > Target Address tab | Target Name | Specifies the target name. |
| | IPv4/IPv6 Address | Specifies either the IPv4 or IPv6 IP address. The system sends the trap to the target if the mask is 32 for IPv4 addresses or 128 for IPv6 addresses. |
| | Netmask/Prefix | Specifies the netmask of the IPv4 or IPv6 IP address. |
| | Port | Specifies the port. |
| | Target Parameter | Specifies the target parameter that you have created. |
| | Tag List | Specifies the tag value that you have selected in the filter. |

Published: 2009-08-20