8 Replies Latest reply on Sep 25, 2012 1:33 PM by Richard Nicholson

    SNMP test fail

    jschlotzhauer

      Hello,

       

      I am attempting to add my computer as a node on NPM. For some reason when I go to validate the community string for the SNMP polling option the test fails. I have turned off all firewalls, restarted all SNMP services both on my computer and on the server, and I've made sure the SNMP community strings match. I am running out of ideas on how to fix this problem. I am in need of some help. Thanks in advance.

       

      Regards,

      Jeff

        • Re: SNMP test fail
          jschlotzhauer

          I have successfully added the node, but only by disabling the windows firewall on my PC. When I turned the firewall back on the "node went down". Any ideas on how to monitor the node with the Windows Firewall enabled?

          • Re: SNMP test fail
            jesseo

            Is there a reason you would still need Windows firewall on.  In our domain we have a firewall appliance that most if not all traffic goes though.  Also what ver of SMNP are you using?

              • Re: SNMP test fail
                Richard Nicholson

                The firewall is the last line of defense for nodes in environment if someone figures out how to get in and get to your desktop/laptop you can go ahead and say good bye to that image.  So should you have a Firewall on your Desktop/Laptop in your enterprise environment??  With out flinching and answering as fast as I can.. YES!!!  You can never have enough layers of sercurity in the world these days.

                 

                Think about it like this.  A firewall is only protecting Layers 2 - 3 what about layers 4 - 7.. What about the dreaded Layer 8 (End Users/Employees) where there is only trust protection past what you lock down? How about your applications?  Just because Layers 2 and 3 are on lock down with a firewall who's to say the hacker didn't find an exploit on an application that had access in the firewall already for production use.  Now that hacker is in your network and past your firewall by piggy backing on a higher layer.  Are you protected on the inside as well?  Do you have an IPS checking traffic? A WAF (web application firewall)?  ATD/Zero-Day detection?  If you don't I would never advise turning off a firewall on a physical node, or for that matter even if you do have those products never turn it off..  Protect everything as much as you can, or as much as budget allows in most company scenarios.

                 

                Just food for thought! 

                  • Re: SNMP test fail
                    jesseo

                    That is true but if a hacker got past your 3K-15K Firewalls I am sure windows FW doesn't have a chance. Also if your using SNMP ver 1-2 then also you have a weakness there.  With domain rights and exchange, windows, you reduce what hackers can get or not. 

                      • Re: SNMP test fail
                        Richard Nicholson

                        It may not, but Windows firewall does have the ability to filter on ip/port and application, plus your AV should be watching on top of what a firewall wouldn't have seen IE attemped changes in files/registry..  So in theroy you could have a chance, but how would we ever find out if the firewall was off in the first place.  I would rather tell management that the issue happened and "we" as a company had everything in place we possibly could as opposed to well the windows firewall just didn't seem like it would matter if an attack got in so we just left it off so we didn't have to configure each one.  Most of the time all they hear at this point is "I left off the firewall because I'm lazy" while this may not be true.  It's exactly what I have seen happen in the past, and is not a part of best practices.