Table 30-1 SNMPv2 Options
The trap type to use for IP addresses that appear in the alerts.
If your network management system correctly renders the INET_IPV4 address type, then you can select
. Otherwise, select
. For example, HP Openview requires the string type.
The server that will receive SNMP traps notification.
You can specify a single IP address or hostname.
The community name.
Note SNMPv2 only supports read-only communities.
For SNMPv3, you can specify the options described in the following table.
Note When using SNMPv3, the appliance uses an Engine ID value to encode the message. Your SNMP server requires this value to decode the message. Currently, this Engine ID value will always be the hexadecimal version of the appliance’s IP address with
01 at the end of the string. For example, if the appliance sending the SNMP alert has an IP address of
172.16.1.50, the Engine ID is
0xAC10013201 or, if the appliance has an IP address of
0x0a01014D01 is used as the Engine ID.
Configuring SNMP Responses
You can configure SNMP alerting in an intrusion policy. After you apply the policy as part of an access control policy, the system notifies you of any intrusion events it detects via SNMP trap. For more details on SNMP alerting, see Using SNMP Responses.
To configure SNMP alerting options:
Step 1 Select
Configuration > ASA FirePOWER Configuration > Policies> Intrusion Policy
The Intrusion Policy page appears.
Step 2 Click the edit icon (
) next to the policy you want to edit.
If you have unsaved changes in another policy, click
to discard those changes and continue. See Resolving Conflicts and Committing Policy Changes for information on saving unsaved changes in another policy.
The Policy Information page appears.
Step 3 Click
in the navigation panel on the left.
The Advanced Settings page appears.
Step 4 You have two choices, depending on whether
under External Responses is enabled:
If the configuration is enabled, click
If the configuration is disabled, click
, then click
The SNMP Alerting page appears.
A message at the bottom of the page identifies the intrusion policy layer that contains the configuration. See Using Layers in a Network Analysis or Intrusion Policy for more information.
Step 5 Specify the trap type format that you want to use for IP addresses that appear in the alerts,
Note If your network management system correctly renders the INET_IPV4 address type, then you can use the as Binary option. Otherwise, use the as String option. For example, HP OpenView requires the as String option.
Step 6 Select either SNMPv2 or SNMPv3:
To configure SNMPv2, enter the IP address and the community name of the trap server you want to use in the corresponding fields. See SNMPv2 Options.
To configure SNMPv3, enter the IP address of the trap server you want to use, an authentication password, a private password, and a user name in the corresponding fields. See SNMPv3 Options for more information.
Note You must select SNMPv2 or SNMPv3. SNMPv2 only supports read-only communities and SNMPv3 only supports read-only users.
Note When you enter an SNMPv3 password, the password displays in plain text during initial configuration but is saved in encrypted format.
Step 7 Save your policy, continue editing, discard your changes, revert to the default configuration settings in the base policy, or exit while leaving your changes in the system cache. See Resolving Conflicts and Committing Policy Changes for more information.