You have to enable SNMP on the PIX, yes, but you also have to tell the PIX which IP addresses are allowed to query SNMP from it (which implies you know the precise IP address WUG looks like when it gets to the PIX). If you're using NAT or the PIX in a VPN configuration, you may have to do some sniffing to make sure the IP of WUG is the one you expected it to be. Aditionally, you'll have to write a rule on the PIX to allow SNMP gets from the WUG IP address. Best thing to do in these situations is to do packet captures on the PIX interface each time you make a change, until you see communications going both ways, you don't necessarily have to do that but it's a thorough approach. Hope that helps, pj
-----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Michael Krygeris Sent: Tuesday, August 02, 2005 10:11 AM To: [email protected] Subject: RE: [WhatsUp Forum] Monitoring a PIX 501 Bruce, Just enable SNMP on the device in WUG and run "autodiscover". This should pick up all the interfaces on the PIX. Delete all the interfaces you don't care about and voila! You are monitoring interface status. Regards, Mike Krygeris Somix Technologies, INC [EMAIL PROTECTED] 207-324-8805 -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Meyer, Bruce Sent: Tuesday, August 02, 2005 9:46 AM To: '[email protected]' Subject: RE: [WhatsUp Forum] Monitoring a PIX 501 Sorry Steve, I wasn't clear on my original question. Yes, I am looking for the PIX config to allow WUG to monitor the pix on its internal interface. I have the MIB's compiled in WUG. Most of what I monitor are Cisco routers and switches. Bottom line, I am just going to monitor the ports on the PIX 501, if a port disappears, connectivity has been lost. The 501 has an integrated 4 port switch. (fa1-4) and the wan connection is fa0. So I basically just wanted to monitor fa0 as being up or down. Anyway short answer is: I am asking for help on how to configure the PIX to allow WUG to monitor SNMP on the PIX. --bruce -----Original Message----- From: Steve C Busby [mailto:[EMAIL PROTECTED] Sent: Monday, August 01, 2005 5:24 PM To: [email protected] Cc: '[email protected]'; [EMAIL PROTECTED] Subject: Re: [WhatsUp Forum] Monitoring a PIX 501 Hi Bruce, Are you looking for the configuration needed on your Whatsup Server to monitor the Pix via SNMP? If so, then wouldn't the IP address and SNMP RO community string provide that? Or are you looking for what changes need to be made on the PIX to allow it to be monitored/accessed via SNMP? ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Thanks, Steve Busby Information Technology Services University of Nebraska Medical Center 985030 Nebraska Medical Center [EMAIL PROTECTED] 402.559.9621 If Linux doesn't have the solution, you have the wrong problem. ***************University of Nebraska Medical Center E-mail Confidentiality Disclaimer *************** The information in this e-mail is privileged and confidential, intended only for the use of the addressee(s) above. Any unauthorized use or disclosure of this information is prohibited. If you have received this e-mail by mistake please delete it and immediately contact the sender. "Meyer, Bruce" <[EMAIL PROTECTED] sc.net> To Sent by: "'[email protected]'" WhatsUp_Forum-own <[email protected]> [EMAIL PROTECTED] cc com Subject [WhatsUp Forum] Monitoring a PIX 08/01/05 02:48 PM 501 Please respond to [EMAIL PROTECTED] t.ipswitch.com Does anyone have a working config for SNMP monitoring of a PIX? The scenario is: We have a few remote locations that we can't hit with our traditional methods, so we use Cable and a PIX, and IP over RF and a PIX. Both are public lines, with a nailed VPN tunnel. I just want to monitor the PIX for snmp. Thanks for any help. ----------------------- Bruce D. Meyer, CCNA, MCSE Network Analyst City of Columbia Please visit http://www.ipswitch.com/support/mailing-lists.html to be removed from this list. An Archive of this list is available at: http://www.mail-archive.com/whatsup_forum%40list.ipswitch.com/ Please visit http://www.ipswitch.com/support/mailing-lists.html to be removed from this list. An Archive of this list is available at: http://www.mail-archive.com/whatsup_forum%40list.ipswitch.com/ Please visit http://www.ipswitch.com/support/mailing-lists.html to be removed from this list. An Archive of this list is available at: http://www.mail-archive.com/whatsup_forum%40list.ipswitch.com/ --- [This E-mail scanned for viruses by Declude Virus] --- [This E-mail scanned for viruses by Declude Virus] Please visit http://www.ipswitch.com/support/mailing-lists.html to be removed from this list. An Archive of this list is available at: http://www.mail-archive.com/whatsup_forum%40list.ipswitch.com/ The information contained in this e-mail and any attached documents may be privileged, confidential and protected from disclosure. If you are not the intended recipient you may not read, copy, distribute or use this information. If you have received this communication in error, please notify the sender immediately by replying to this message and then delete it from your system. Please visit http://www.ipswitch.com/support/mailing-lists.html to be removed from this list. An Archive of this list is available at: http://www.mail-archive.com/whatsup_forum%40list.ipswitch.com/
