Configuring SNMPv3 in ScreenOS Devices (NSM Procedure)

The Simple Network Management Protocol (SNMP) agent for a Juniper Networks security device provides network administrators with a way to view statistical data about the network and the devices on it and to receive notification of system events of interest.

Juniper Networks security devices support SNMPv1, SNMPv2c, and SNMPv3. Security devices are not shipped with a default configuration for SNMPv3. To configure your security device for SNMPv3, you must first create a unique engine ID to identify an SNMP entity and a user-based security model (USM) with the respective privilege and password. By default, the SNMPv3 engine ID is the serial number of the device.

When you create a USM, you can specify the authentication type (MD5, SHA, or None). The authentication type determines how message digests are computed; the same block of data always produces an identical message digest. The USM requires a password and uses the Data Encryption Standard (DES) to encrypt and decrypt SNMPv3 packets.
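Under the standard USM (RFC 3414), the password is stretched into a key and then bound to the engine ID before it is used for the MD5 or SHA message digest. The following is an added example, not Juniper or ScreenOS code, that carries out that derivation with the RFC 3414 sample password and engine ID. The second engine ID and the message bytes are constructed placeholders, and nothing is assumed about how ScreenOS encodes a serial number as engine ID bytes.

```python
import hashlib
import hmac

EXPANDED_LEN = 1048576  # RFC 3414 A.2 stretches the password to 1 MiB
HASHES = {"MD5": "md5", "SHA": "sha1"}  # the page's Auth Protocol choices


def password_to_key(password: bytes, auth_protocol: str) -> bytes:
    """Ku: digest of the password repeated out to exactly 1 MiB."""
    if not password:
        raise ValueError("USM password must not be empty")
    stream = (password * (EXPANDED_LEN // len(password) + 1))[:EXPANDED_LEN]
    return hashlib.new(HASHES[auth_protocol], stream).digest()


def localized_key(password: bytes, engine_id: bytes, auth_protocol: str) -> bytes:
    """Kul = H(Ku || engineID || Ku): the key is valid for one engine only."""
    ku = password_to_key(password, auth_protocol)
    return hashlib.new(HASHES[auth_protocol], ku + engine_id + ku).digest()


def auth_tag(kul: bytes, message: bytes, auth_protocol: str) -> bytes:
    """HMAC-MD5-96 / HMAC-SHA-96: first 12 octets of the HMAC over the
    message (sent with its authentication field zeroed before hashing)."""
    return hmac.new(kul, message, HASHES[auth_protocol]).digest()[:12]


# Sample values from RFC 3414 A.3 (password and engine ID).
RFC_PASSWORD = b"maplesyrup"
RFC_ENGINE_ID = bytes.fromhex("000000000000000000000002")
# Constructed placeholder for a second device's engine ID (assumption).
OTHER_ENGINE_ID = b"PLACEHOLDER-SERIAL"
# Constructed stand-in for an encoded SNMPv3 message (not a real PDU).
SAMPLE_MESSAGE = b"constructed-snmpv3-message-bytes"

if __name__ == "__main__":
    for proto in HASHES:
        k1 = localized_key(RFC_PASSWORD, RFC_ENGINE_ID, proto)
        k2 = localized_key(RFC_PASSWORD, OTHER_ENGINE_ID, proto)
        print(proto, "key for RFC engine ID:  ", k1.hex())
        print(proto, "key for other engine ID:", k2.hex())
        print(proto, "tag:", auth_tag(k1, SAMPLE_MESSAGE, proto).hex())
```

Because the key is bound to the engine ID, the same password yields a different key on every engine, and a key derived for one engine ID stops matching if that engine ID is changed.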

To configure SNMPv3 features in ScreenOS devices:

  1. In the NSM navigation tree, select Device Manager > Devices. The Device Tree page appears.
  2. Click the Device Tree tab, and then double-click the security device for which you want to configure SNMPv3 features.
  3. In the Configuration page, select Report Settings > SNMPv3. The SNMPv3 page appears.
  4. Add or modify the SNMPv3 features as described in Table 39.
  5. Click one:
    • OK—Saves the changes.
    • Cancel—Cancels the modifications.

Table 39: Configuring SNMPv3 Features in ScreenOS Devices

| Tab | Option | Description |
|---|---|---|
| SNMPv3 > Basic tab | Local Engine ID | Identifies an SNMP entity and a USM with the respective privilege and password. |
| SNMPv3 > USM User tab | User Name | Specifies the username of the USM. |
| SNMPv3 > USM User tab | Auth Protocol | Specifies an authentication type. Select a value from the drop-down list. When you select either MD5 or SHA, you are prompted to enter an authentication password. |
| SNMPv3 > View tab | View Name | Specifies the view name of the model. Each view is tagged with an object identifier (OID) and mask values. |
| SNMPv3 > View tab | Oid | Specifies the object identifier. Enter the OID beginning with “.” and with its components separated by “.”; for example, .3.4.5.2 |
| SNMPv3 > View tab | Mask | Specifies the mask values of the view model. You can enter a two-digit value only. |
| SNMPv3 > View tab | Type | Specifies whether to include or exclude an IP address entry from the address list of the MIB tables. |
| SNMPv3 > Access Group tab | Group | Specifies the access group name. |
| SNMPv3 > Access Group tab | Security Model | Specifies the security model for the access group. |
| SNMPv3 > Access Group tab | Security Level | Specifies the security level for the access group. |
| SNMPv3 > Access Group tab | Notify | Specifies the notification parameter for the access group. |
| SNMPv3 > Access Group tab | Read | Specifies the read access privilege for the access group. |
| SNMPv3 > Access Group tab | Write | Specifies the write access privilege for the access group. |
| SNMPv3 > Community tab | Community Name | Specifies the community name that is used in combination with an access group. |
| SNMPv3 > Community tab | Tag | Specifies the tag name. Each community is tagged. |
| SNMPv3 > Sec-to-group Mapping tab | Group | Specifies the group name of the group section map. |
| SNMPv3 > Sec-to-group Mapping tab | Security Model | Specifies the security model of the group section. |
| SNMPv3 > Sec-to-group Mapping tab | Mapping User | Specifies the username that is mapped with the USM. |
| SNMPv3 > Filter tab | Filter Name | Specifies the filter name. A security device can support up to 32 SNMPv3 filters. |
| SNMPv3 > Filter tab | Oid | Specifies the object identifier. Enter the OID beginning with “.” and with its components separated by “.”; for example, .3.4.5.2 |
| SNMPv3 > Filter tab | Mask | Specifies the mask values of the filter. You can enter a two-digit value only. |
| SNMPv3 > Filter tab | Type | Specifies whether to include or exclude an IP address entry from the address list of the MIB tables. |
| SNMPv3 > Target Parameter tab | Target Parameter Name | Specifies the target parameter name that is used while sending a trap to a target. A security device can support up to 32 target parameters. |
| SNMPv3 > Target Parameter tab | Filter | Specifies the filter that you have created. Each filter is tagged to a target (host). |
| SNMPv3 > Target Parameter tab | Security Model | Specifies the security model of the target parameter. |
| SNMPv3 > Target Parameter tab | Security Level | Specifies the security level of the target parameter. |
| SNMPv3 > Target Parameter tab | Community | Specifies the community that you have created. |
| SNMPv3 > Target Address tab | Target Name | Specifies the target name. |
| SNMPv3 > Target Address tab | IPv4/IPv6 Address | Specifies either the IPv4 or IPv6 address. The system sends the trap to the target if the mask is 32 for IPv4 addresses or 128 for IPv6 addresses. |
| SNMPv3 > Target Address tab | Netmask/Prefix | Specifies the netmask of the IPv4 or IPv6 address. |
| SNMPv3 > Target Address tab | Port | Specifies the port. |
| SNMPv3 > Target Address tab | Target Parameter | Specifies the target parameter that you have created. |
| SNMPv3 > Target Address tab | Tag List | Specifies the tag value that you have selected in the filter. |
