Applicable to Version: 9.4.1.0 onwards The Cyberoam SNMP implementation is read-only. SNMP v1, v2c and v3 compliant SNMP managers have read-only access to Cyberoam system information and can receive Cyberoam traps. Cyberoam supports custom (Cyberoam proprietary) Management Information Base (MIB) generating trap messages and for Cyberoam to reply to the SNMP GET commands for MIB via configured interface you need to download Cyberoam MIB. Configure SNMP from the Web Admin Console. Configuring SNMP is a four-step process as follows: • Download Cyberoam MIB attached with this document and load in your SNMP Manager device. • Start SNMP server as by default SNMP server is not ON • Create Agent • Create Community (SNMP v1 and v2c) or User (SNMP v3) • Create Firewall rule to allow SNMP traffic
Step 1. Start SNMP server Go to System Æ SNMP Æ Manage SNMP and click Start Step 2. Configure Cyberoam as SNMP Agent 1. Select System → SNMP → Agent Configuration 2. Specify a name to identify the Agent 3. Specify System Location. It is the physical location e.g. name of the department or city, where Cyberoam appliance is deployed. 4. Specify System Contact. It is the contact information e.g. name or email address, of the person responsible for the above-specified Cyberoam appliance. 5. Specify Manager Port. Cyberoam will use this port to send traps. Remote SNMP Management station/Manager will use this port to connect to the Cyberoam appliance. 6. Specify Description 7. Click Update to save the details Step 3. Create SNMP community (if SNMP manager supports SNMP v1 and v2c) 1. Select System → SNMP → Create Community 2. Specify a name to identify the Community 3. Specify IP address of the SNMP Manager that can use the settings in the SNMP community to monitor Cyberoam. 4. Enable the required SNMP protocol version support. SNMP v1 and v2c compliant SNMP managers have read-only access to Cyberoam system information and can receive Cyberoam traps. 5. Enable the required version for trap support. Traps will be sent to the SNMP Managers who support the specified versions only. 6. Specify Description 7. Click Create Step 3. Create V3 user (if SNMP manager supports SNMP v3) Go to System → SNMP → Create V3 User and create user by specifying username and password for the user account. Please note, only authenticated user can request information.
How To – Configure Cyberoam as SNMP Agent
Step 4. Create firewall rule to allow SNMP traffic Go to Firewall → Create Rule and create firewall rule with the following parameters: Parameter Source Destination Service Apply Schedule Action
Value Zone – Zone in which SNMP server is placed Host – SNMP server Zone – Local Host – Any Host SNMP All the Time Accept
This completes the SNMP configuration in Cyberoam. Using SNMP Manager, you can access SNMP traps from the Interface configured in Cyberoam.
SNMP Traps All the SNMP communities added in Cyberoam receive traps. Traps include trap message as well as the Cyberoam unit serial number or Cyberoam WAN IP address. To receive traps, SNMP Manager must load and compile the Cyberoam MIB. If SNMP manager has already included standard and private MIBs in a compiled database then add the Cyberoam proprietary MIB to that database. Cyberoam generates following traps, when the specified events or conditions occur: Traps
Description
highCpuUsage
High CPU usage i.e. CPU usage exceed 90%
highDiskUsage
High Disk usage i.e. Disk usage exceed 90%
highMemUsage
High Memory usage i.e. memory usage exceed 90%
httpVirus
HTTP virus detected by Cyberoam
smtpVirus
SMTP virus detected by Cyberoam
pop3Virus
POP3 virus detected by Cyberoam
imap4Virus
IMAP virus detected by Cyberoam
ftpVirus
FTP virus detected by Cyberoam
linkToggle
Change of link status (up or down)
synFlood
DoS attack – SYN flood detected by Cyberoam
tcpFlood
DoS attack – TCP flood detected by Cyberoam
udpFlood
DoS attack – UDP flood detected by Cyberoam
icmpFlood
DoS attack – ICMP flood detected by Cyberoam
How To – Configure Cyberoam as SNMP Agent
Cyberoam MIB To monitor Cyberoam system information and receive Cyberoam traps then compile Cyberoam proprietary MIBs into SNMP manager. The Cyberoam replies to SNMP Get commands for MIB via configured interface. Download the attached custom Cyberoam MIB and load into any third-party SNMP management software. The Cyberoam MIB contains fields that report current Cyberoam Appliance status information. The tables below list the names of the MIB fields and describe the status information available for each. You can view more details about the information available from all Cyberoam MIB fields by compiling the cyberoam.mib file into your SNMP manager. Cyberoam supports following read-only MIB objects/fields: Cyberoam Appliance MIB fields MIB field (sysInstall) applianceKey
Appliance key number of the Cyberoam Appliance in use
applianceModel
Appliance model number of the Cyberoam Appliance in use
cyberoamVersion
The Cyberoam version currently running on the Cyberoam Appliance.
wabcatVersion
The Webcat version installed on the Cyberoam Appliance
avVersion
The antivirus definition version installed on the Cyberoam Appliance
asVersion
The antispam definition version installed on the Cyberoam Appliance
idpVersion
The IDP signature definition version installed on the Cyberoam Appliance
Description
System MIB fields MIB field (sysStatus) cyberoamOpMode
Description The Cyberoam appliance operation mode - Transparent or Bridge
systemDate
Current date
cpuPercentageUsage
The current CPU usage (as a percent)
diskCapacity
The hard disk capacity (MB)
diskUsage
The current hard disk usage (MB)
memoryCapacity
The memory capacity (MB)
memoryPercentageUsage
The current memory utilization (as a percent)
swapCapacity
The swap capacity (MB)
swapPercentageUsage
The current swap utilization (as a percent).
haMode
The current Cyberaom High-Availability (HA) mode (standalone, A-P)
liveUsers
The current live connected users i.e. logged on users in Cyberoam
Total POP3 hits Total IMAP hits Total SMTP hits The current status of POP3 service The current status of IMAP service The current status of SMTP service The current status of FTP service The current status of HTTP service The current status of AntiVirus service The current status of AntiSpam service The current status of DNS The current status of HA The current status of IDP service The current status of Analyzer The current status of SNMP
Description Current Registration status of Cyberoam Appliance Expiry date of the Cyberoam Appliance, if Appliance is the Demo Appliance Current subscription status for Cyberoam Support Subscription Expiry date for Cyberoam Support, if subscribed Current subscription status for AntiVirus module Subscription Expiry date for AntiVirus module, if subscribed Current subscription status for AntiSpam module Subscription Expiry date for AntiSpam module, if subscribed Current subscription status for IDP module
Subscription Expiry date for IDP module, if subscribed Current subscription status for Web and Application Filter module Subscription Expiry date for Web and Application Filter module, if subscribed
Alert MIB field MIB field (sysAlerts) highCpuUsage
SMTP virus detected by Cyberoam POP3 virus detected by Cyberoam IMAP virus detected by Cyberoam FTP virus detected by Cyberoam Change of link status (up or down) IDP alert DoS attack – SYN flood detected by Cyberoam DoS attack – TCP flood detected by Cyberoam DoS attack – UDP flood detected by Cyberoam DoS attack – ICMP flood detected by Cyberoam
Thank you for interesting in our services. We are a non-profit group that run this website to share documents. We need your help to maintenance this website.