4 Replies Latest reply on Oct 26, 2018 12:18 AM by furqan.anwar

    Adding server behind DMZ

    furqan.anwar

      Hi all

      We have a situation. Servers are placed in DMZ. they are pingable and file system is also accessible from orion server. But discovering via snmp and wmi is failed. ALL ports are allowed in ASA firewall as well as server.   How can I add them

        • Re: Adding server behind DMZ
          d09h

          I would run the SNMPwalk.exe program in your Orion installation folder.  Run Wireshark on the Orion server and capture the traffic.  Is the SNMP reply even coming back?  Any data in it?  Any authentication or encryption failures (if SNMPv3)?  Check logs of device you're trying to monitor and validate that the SNMP authentication and encryption were successful (if SNMPv3)

           

           

          There are some examples here:

           

          https://wiki.wireshark.org/SNMP

           

          https://wiki.wireshark.org/SampleCaptures#SNMP

           

          You could also SNMPwalk from the monitored device using the expected credentials.  If it doesn't work locally, doing it over the network won't be possible either.

          • Re: Adding server behind DMZ
            jqualls

            I am having the same issue.  We run SNMP to detect servers. We have server behind the DMZ also. i have added community string to those server behind the DMZ (Click Link).  I have opened ports 17777 and 17778 bi-directional, able to ping those servers from Orion NPM server and vice-versa, ran wireshark with no packets found, ran SNMPWalk which timed out with nothing found.

            Although I was able to create the node using ICMP only, I was still unable to test it without it failing. ANY SUGGESTIONS WOULD HELP.

             

            JQUALLS

            • Re: Adding server behind DMZ
              furqan.anwar

              despite allowing "all to all" in firewall. I guess that there is still something in firewall that is blocking SNMP.

              I also tried by allowing all SNMP related ports but issue still there