How To – Configure Cyberoam as SNMP Agent


Applicable to Version: 9.4.1.0 onwards

The Cyberoam SNMP implementation is read-only. SNMP v1, v2c and v3 compliant SNMP managers have read-only access to Cyberoam system information and can receive Cyberoam traps.

Cyberoam supports a custom (Cyberoam proprietary) Management Information Base (MIB) for generating trap messages. For Cyberoam to reply to SNMP GET commands for the MIB via the configured interface, you need to download the Cyberoam MIB.

Configure SNMP from the Web Admin Console. Configuring SNMP is a four-step process as follows:

• Download the Cyberoam MIB attached with this document and load it in your SNMP Manager device.
• Start the SNMP server, as by default the SNMP server is not ON
• Create Agent
• Create Community (SNMP v1 and v2c) or User (SNMP v3)
• Create Firewall rule to allow SNMP traffic

Step 1. Start SNMP server

Go to System → SNMP → Manage SNMP and click Start.

Step 2. Configure Cyberoam as SNMP Agent

1. Select System → SNMP → Agent Configuration
2. Specify a name to identify the Agent
3. Specify System Location. It is the physical location e.g. name of the department or city, where Cyberoam appliance is deployed.
4. Specify System Contact. It is the contact information e.g. name or email address, of the person responsible for the above-specified Cyberoam appliance.
5. Specify Manager Port. Cyberoam will use this port to send traps. Remote SNMP Management station/Manager will use this port to connect to the Cyberoam appliance.
6. Specify Description
7. Click Update to save the details

Step 3. Create SNMP community (if SNMP manager supports SNMP v1 and v2c)

1. Select System → SNMP → Create Community
2. Specify a name to identify the Community
3. Specify IP address of the SNMP Manager that can use the settings in the SNMP community to monitor Cyberoam.
4. Enable the required SNMP protocol version support. SNMP v1 and v2c compliant SNMP managers have read-only access to Cyberoam system information and can receive Cyberoam traps.
5. Enable the required version for trap support. Traps will be sent to the SNMP Managers who support the specified versions only.
6. Specify Description
7. Click Create

Step 3. Create V3 user (if SNMP manager supports SNMP v3)

Go to System → SNMP → Create V3 User and create a user by specifying username and password for the user account. Please note, only an authenticated user can request information.


Step 4. Create firewall rule to allow SNMP traffic

Go to Firewall → Create Rule and create firewall rule with the following parameters:

| Parameter | Value |
| --- | --- |
| Source | Zone – Zone in which SNMP server is placed; Host – SNMP server |
| Destination | Zone – Local; Host – Any Host |
| Service | SNMP |
| Apply Schedule | All the Time |
| Action | Accept |

This completes the SNMP configuration in Cyberoam. Using SNMP Manager, you can access SNMP traps from the Interface configured in Cyberoam.

SNMP Traps

All the SNMP communities added in Cyberoam receive traps. Traps include the trap message as well as the Cyberoam unit serial number or Cyberoam WAN IP address. To receive traps, the SNMP Manager must load and compile the Cyberoam MIB. If the SNMP manager has already included standard and private MIBs in a compiled database, then add the Cyberoam proprietary MIB to that database.

Cyberoam generates the following traps when the specified events or conditions occur:

| Traps | Description |
| --- | --- |
| highCpuUsage | High CPU usage i.e. CPU usage exceeds 90% |
| highDiskUsage | High Disk usage i.e. Disk usage exceeds 90% |
| highMemUsage | High Memory usage i.e. memory usage exceeds 90% |
| httpVirus | HTTP virus detected by Cyberoam |
| smtpVirus | SMTP virus detected by Cyberoam |
| pop3Virus | POP3 virus detected by Cyberoam |
| imap4Virus | IMAP virus detected by Cyberoam |
| ftpVirus | FTP virus detected by Cyberoam |
| linkToggle | Change of link status (up or down) |
| synFlood | DoS attack – SYN flood detected by Cyberoam |
| tcpFlood | DoS attack – TCP flood detected by Cyberoam |
| udpFlood | DoS attack – UDP flood detected by Cyberoam |
| icmpFlood | DoS attack – ICMP flood detected by Cyberoam |


Cyberoam MIB

To monitor Cyberoam system information and receive Cyberoam traps, compile the Cyberoam proprietary MIBs into the SNMP manager. Cyberoam replies to SNMP Get commands for the MIB via the configured interface. Download the attached custom Cyberoam MIB and load it into any third-party SNMP management software.

The Cyberoam MIB contains fields that report current Cyberoam Appliance status information. The tables below list the names of the MIB fields and describe the status information available for each. You can view more details about the information available from all Cyberoam MIB fields by compiling the cyberoam.mib file into your SNMP manager.

Cyberoam supports the following read-only MIB objects/fields:

Cyberoam Appliance MIB fields

| MIB field (sysInstall) | Description |
| --- | --- |
| applianceKey | Appliance key number of the Cyberoam Appliance in use |
| applianceModel | Appliance model number of the Cyberoam Appliance in use |
| cyberoamVersion | The Cyberoam version currently running on the Cyberoam Appliance |
| wabcatVersion | The Webcat version installed on the Cyberoam Appliance |
| avVersion | The antivirus definition version installed on the Cyberoam Appliance |
| asVersion | The antispam definition version installed on the Cyberoam Appliance |
| idpVersion | The IDP signature definition version installed on the Cyberoam Appliance |

System MIB fields

| MIB field (sysStatus) | Description |
| --- | --- |
| cyberoamOpMode | The Cyberoam appliance operation mode - Transparent or Bridge |
| systemDate | Current date |
| cpuPercentageUsage | The current CPU usage (as a percent) |
| diskCapacity | The hard disk capacity (MB) |
| diskUsage | The current hard disk usage (MB) |
| memoryCapacity | The memory capacity (MB) |
| memoryPercentageUsage | The current memory utilization (as a percent) |
| swapCapacity | The swap capacity (MB) |
| swapPercentageUsage | The current swap utilization (as a percent) |
| haMode | The current Cyberoam High-Availability (HA) mode (standalone, A-P) |
| liveUsers | The current live connected users i.e. logged on users in Cyberoam |
| httpHits | Total HTTP hits |
| ftpHits | Total FTP hits |
| pop3Hits (mailHits) | Total POP3 hits |
| imapHits (mailHits) | Total IMAP hits |
| smtpHits (mailHits) | Total SMTP hits |
| pop3Service (serviceStats) | The current status of POP3 service |
| imapService (serviceStats) | The current status of IMAP service |
| smtpService (serviceStats) | The current status of SMTP service |
| ftpService (serviceStats) | The current status of FTP service |
| httpService (serviceStats) | The current status of HTTP service |
| avService (serviceStats) | The current status of AntiVirus service |
| asService (serviceStats) | The current status of AntiSpam service |
| dnsService (serviceStats) | The current status of DNS |
| haService (serviceStats) | The current status of HA |
| IDPService (serviceStats) | The current status of IDP service |
| analyzerService (serviceStats) | The current status of Analyzer |
| snmpService (serviceStats) | The current status of SNMP |

License MIB fields

| MIB field (sysLicesne) | Description |
| --- | --- |
| appRegStatus (liAppliance) | Current Registration status of Cyberoam Appliance |
| appExpiryDate (liAppliance) | Expiry date of the Cyberoam Appliance, if Appliance is the Demo Appliance |
| supportSubStatus (lisupport) | Current subscription status for Cyberoam Support |
| supportExpiryDate (lisupport) | Subscription Expiry date for Cyberoam Support, if subscribed |
| avSubStatus (liAntiVirus) | Current subscription status for AntiVirus module |
| supportExpiryDate (liAntiVirus) | Subscription Expiry date for AntiVirus module, if subscribed |
| asSubStatus (liAntiSpam) | Current subscription status for AntiSpam module |
| supportExpiryDate (liAntiSpam) | Subscription Expiry date for AntiSpam module, if subscribed |
| idpSubStatus (liIdp) | Current subscription status for IDP module |
| supportExpiryDate (liIdp) | Subscription Expiry date for IDP module, if subscribed |
| webcatSubStatus (liWebcat) | Current subscription status for Web and Application Filter module |
| supportExpiryDate (liWebcat) | Subscription Expiry date for Web and Application Filter module, if subscribed |

Alert MIB field

| MIB field (sysAlerts) | Description |
| --- | --- |
| highCpuUsage | High CPU usage i.e. CPU usage exceeds 90% |
| highDiskUsage | High Disk usage i.e. Disk usage exceeds 90% |
| highMemUsage | High Memory usage i.e. memory usage exceeds 90% |
| httpVirus (avAlerts) | HTTP virus detected by Cyberoam |
| smtpVirus (avAlerts) | SMTP virus detected by Cyberoam |
| pop3Virus (avAlerts) | POP3 virus detected by Cyberoam |
| imap4Virus (avAlerts) | IMAP virus detected by Cyberoam |
| ftpVirus (avAlerts) | FTP virus detected by Cyberoam |
| linkToggle (dgdAlerts) | Change of link status (up or down) |
| idpAlert1 (idpAlerts) | IDP alert |
| synFlood (dosAlerts) | DoS attack – SYN flood detected by Cyberoam |
| tcpFlood (dosAlerts) | DoS attack – TCP flood detected by Cyberoam |
| udpFlood (dosAlerts) | DoS attack – UDP flood detected by Cyberoam |
| icmpFlood (dosAlerts) | DoS attack – ICMP flood detected by Cyberoam |
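An added example, not part of the original Cyberoam document: manager-side triage that sorts received trap names into the alert groups of the Alert MIB table and collapses repeated traps from one appliance into a single incident. The log line format, the five-minute window, the appliance identifiers and the `coldStart` line are assumptions constructed for illustration.

```python
from collections import Counter
from datetime import datetime, timedelta

# Trap name -> alert group, taken from this document's Alert MIB table. The three
# usage traps have no sub-group there, so the parent name sysAlerts is used.
TRAP_GROUP = {
    "highCpuUsage": "sysAlerts", "highDiskUsage": "sysAlerts", "highMemUsage": "sysAlerts",
    "httpVirus": "avAlerts", "smtpVirus": "avAlerts", "pop3Virus": "avAlerts",
    "imap4Virus": "avAlerts", "ftpVirus": "avAlerts",
    "linkToggle": "dgdAlerts", "idpAlert1": "idpAlerts",
    "synFlood": "dosAlerts", "tcpFlood": "dosAlerts",
    "udpFlood": "dosAlerts", "icmpFlood": "dosAlerts",
}

# Constructed receiver log: "<ISO time> <serial number or WAN IP> <trap name>".
SAMPLE = [
    "2011-03-09T10:00:05 SN-EXAMPLE-01 synFlood",
    "2011-03-09T10:00:40 SN-EXAMPLE-01 udpFlood",
    "2011-03-09T10:02:10 SN-EXAMPLE-01 synFlood",
    "2011-03-09T10:03:00 SN-EXAMPLE-01 httpVirus",
    "2011-03-09T10:20:00 SN-EXAMPLE-01 synFlood",
    "2011-03-09T10:21:00 203.0.113.10 linkToggle",
    "2011-03-09T10:22:00 203.0.113.10 coldStart",  # not a Cyberoam trap name
]

def triage(lines, window=timedelta(minutes=5)):
    """Group traps into incidents per (appliance, alert group).

    A trap within `window` of the previous trap of the same incident extends it;
    a longer gap opens a new incident. Lines that do not parse or that carry an
    unlisted trap name are returned separately rather than silently dropped.
    """
    incidents, unknown, current = [], [], {}
    for line in sorted(lines):  # same-format ISO timestamps sort chronologically
        try:
            ts_text, appliance, trap = line.split()
            ts, group = datetime.fromisoformat(ts_text), TRAP_GROUP[trap]
        except (ValueError, KeyError):
            unknown.append(line)
            continue
        inc = current.get((appliance, group))
        if inc is None or ts - inc["last"] > window:
            inc = {"appliance": appliance, "group": group, "first": ts, "traps": Counter()}
            current[(appliance, group)] = inc
            incidents.append(inc)
        inc["last"] = ts
        inc["traps"][trap] += 1
    return incidents, unknown

if __name__ == "__main__":
    for inc in triage(SAMPLE)[0]:
        print(inc["first"], inc["appliance"], inc["group"], dict(inc["traps"]))
```

Reviewing the `unknown` list matters as much as the incidents: a trap name that is not in the compiled MIB would otherwise disappear from monitoring.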

Document Version: 4.2- 09/03/2011
