CheckPoint Gaia SNMP configuration
Here is an example of SNMPv3 configuration in CheckPoint Gaia Appliace:
set snmp agent on
set snmp contact "[email protected]"
set snmp location "Middle of nowhere"
add snmp address 123.34.56.78
set snmp agent-version v3-Only
add snmp usm user snmpv3user security-level authPriv auth-pass-phrase 111222333 privacy-pass-phrase 555666777
To use less secure version of SNMP v1/v2 use following commands:
set snmp agent on
set snmp contact "[email protected]"
set snmp location "Middle of nowhere"
add snmp address 123.34.56.78
set snmp agent-version any
set snmp community snmpv2community read-only
Replace 123.34.56.78 with Firewall’s interface IP which is going to answer the SNMP requests. This command may be omitted – then SNMP will listen on all interfaces.
If you want to enable SNMPv3 only you might want to remove the default “public” community from configuration file, but after changing the agent-version to v3-Only the firewall will reject your command:
delete snmp community public read-only
NMSSNM0075 SNMP v3-Only does not accept community strings.
To work around this issue, just execute:
set snmp agent-version any
delete snmp community public read-only
set snmp agent-version v3-Only
Just select SNMP menu item from System Management menu.
Then check the box for enabling the SNMP Agent, check the box for all the interfaces where you want the SNMP Agent to listen and press Apply.
Then configure your SNMP community as needed and press Apply under this section again.
Then configure your SNMP community as needed and press Apply under this section again.
Don’t forget to create a rule to allow SNMP access to your Security Gateway in your security policy and install it to get SNMP data.
If you don’t like the WebUI you might also configure the SNMP settings from the CLISH command line.
We most recent SNMP MIB can be found on a GAIA installation with R75.45 at
If you don’t like the WebUI you might also configure the SNMP settings from the CLISH command line.
set snmp agent on
set snmp agent-version any
set snmp community ThisIsSoSecret read-only
add snmp address 192.168.1.1
We most recent SNMP MIB can be found on a GAIA installation with R75.45 at
/opt/CPshrd-R75.40/lib/snmp/chkpnt.mib
No comments:
Post a Comment