SNMP Agent CLI

The SNMP agent currently supports HMAC-SHA1-96 for authentication and AES-128 for encryption.

For release 2023.5 and later

The 2023.5 Feature release replaced snmp-agent with net-snmp. The net-snmp installation supports a single, predefined SNMPv3 user named firemon, which cannot be changed or deleted. A subcommand has been added to the FMOS command line utility so that you can set this user's password.

The SNMP user ‘firemon’ and the FMOS user ‘firemon’ are completely separate. You can’t log in to FMOS using the SNMP password, and you can’t access SNMP using the FMOS password.

SNMP Password Management

Until the agent user password is set, FMOS will respond to SNMP requests but will reject all of them.

To set the FireMon SNMP agent password, complete the following steps. 

  1. Log in to the FMOS CLI. 

  2. Enter the following command: fmos snmp set-v3-password

  3. Complete the on-screen prompts.

Supported OIDs

Only the following default OIDs implemented in net-snmp are supported.

1.3.6.1.2.1.25.2.2

1.3.6.1.2.1.25.2.3.1.4

1.3.6.1.2.1.25.2.3.1.5

1.3.6.1.2.1.25.3.2.1.2

1.3.6.1.2.1.25.3.2.1.3

1.3.6.1.2.1.25.3.3.1.2

1.3.6.1.2.1.25.5.1.1.2

1.3.6.1.2.1.31.1.1.1.1

1.3.6.1.4.1.2021.4.3.0

1.3.6.1.4.1.2021.4.4.0

1.3.6.1.4.1.2021.4.5.0

1.3.6.1.4.1.2021.4.6.0

1.3.6.1.4.1.2021.4.11.0

1.3.6.1.4.1.2021.4.13.0

1.3.6.1.4.1.2021.4.14.0

1.3.6.1.4.1.2021.4.15.0

1.3.6.1.4.1.2021.9.1.2

1.3.6.1.4.1.2021.9.1.3

1.3.6.1.4.1.2021.9.1.6

1.3.6.1.4.1.2021.9.1.7

1.3.6.1.4.1.2021.9.1.8

1.3.6.1.4.1.2021.9.1.9

1.3.6.1.4.1.2021.9.1.10

1.3.6.1.4.1.2021.10.1.3.1

1.3.6.1.4.1.2021.10.1.3.2

1.3.6.1.4.1.2021.10.1.3.3

1.3.6.1.4.1.2021.7890.2

1.3.6.1.4.1.2021.7890.3

1.3.6.1.4.1.2021.7890.4

For releases before 2023.5

The FMOS CLI must be used to add or remove users. SNMP users are added and removed with the FMOS snmpctl command.

Access to the SNMP agent requires authentication. In order to access the SNMP agent from an SNMP client, you will need to set up one or more SNMP users. SNMP users are separate and distinct from FMOS users. You can have an SNMP user named "abc" without an FMOS user named "abc," and vice versa. The existence of an FMOS user named "xyz" will not prevent you from adding an SNMP user named "xyz."

Add an SNMP User

To add an SNMP user, use the addUser function of the snmpctl command:

$ snmpctl --addUser --user=<username>

You will be prompted for a password for the user. The SNMP agent uses this password for both the authentication key and the privacy key.

  • If you enable AuthNoPriv in your SNMP client, use this password for the authentication key.

  • If you enable AuthPriv in your SNMP client, use this password for both the authentication key and the privacy key.
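The following added example (not FireMon code) shows what using one password for both keys means with HMAC-SHA1-96 and AES-128, assuming the agent follows the standard SNMPv3 USM key derivation from RFC 3414 and RFC 3826. The password and engine ID are constructed sample inputs taken from the RFC 3414 test vector, and the function names are hypothetical.

```python
import hashlib
import hmac

MEBIBYTE = 1_048_576  # RFC 3414 A.2 hashes exactly this many password bytes


def password_to_key_sha1(password: bytes) -> bytes:
    """RFC 3414 A.2.2: stretch a password into the 20-byte user key Ku."""
    if not password:
        raise ValueError("empty password cannot be stretched")
    reps, rem = divmod(MEBIBYTE, len(password))
    return hashlib.sha1(password * reps + password[:rem]).digest()


def localize_key(ku: bytes, engine_id: bytes) -> bytes:
    """Bind Ku to one agent: Kul = SHA1(Ku || snmpEngineID || Ku)."""
    return hashlib.sha1(ku + engine_id + ku).digest()


def usm_keys(password: str, engine_id: bytes) -> dict:
    """Keys a client derives when one password is used for auth and privacy."""
    kul = localize_key(password_to_key_sha1(password.encode()), engine_id)
    return {
        "auth_key": kul,        # HMAC-SHA1-96 key, 20 bytes
        "priv_key": kul[:16],   # AES-128 key: first 128 bits of Kul (RFC 3826)
    }


def auth_tag(auth_key: bytes, message: bytes) -> bytes:
    """HMAC-SHA1-96: the SHA-1 HMAC truncated to its first 12 bytes."""
    return hmac.new(auth_key, message, hashlib.sha1).digest()[:12]


if __name__ == "__main__":
    # Constructed inputs: password and engine ID from the RFC 3414 test vector.
    engine_id = bytes.fromhex("000000000000000000000002")
    keys = usm_keys("maplesyrup", engine_id)
    print("auth key:", keys["auth_key"].hex())
    print("priv key:", keys["priv_key"].hex())
    print("tag     :", auth_tag(keys["auth_key"], b"constructed message").hex())
```

Because the privacy key is a prefix of the authentication key under this derivation, treat the SNMP password as a single secret and update it on every client at the same time.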

Remove an SNMP User

To remove an SNMP user, use the removeUser function of the snmpctl command:

$ snmpctl --removeUser --user=<username>

Once the SNMP password is set, FMOS will allow requests that specify SNMPv3 authentication and use the username ‘firemon’ with the correct password.

When SNMP is first enabled, before the SNMP password has been set, FMOS will respond to SNMP requests but will reject all of them because it doesn’t recognize the user.

SNMP Password Management

To change an SNMP user's password, use the changePassword function of the snmpctl command:

$ snmpctl --changePassword --user=<username>

You will be prompted for the new password. The SNMP agent uses this password for both authentication and privacy. If your SNMP client is using AuthPriv, you will need to update both the authentication key and the privacy key with the new password.

SNMP User List

To see a list of all SNMP users, use the listUsers function of the snmpctl command:

$ snmpctl --listUsers