How To Configure Cyberoam as SNMP Agent

How To Configure Cyberoam as SNMP Agent

Applicable to Version: 9.4.1.0 onwards The Cyberoam SNMP implementation is read-only. SNMP v1, v2c and v3 compliant SNMP managers have read-only access to Cyberoam system information and can receive Cyberoam traps. Cyberoam supports custom (Cyberoam proprietary) Management Information Base (MIB) generating trap messages and for Cyberoam to reply to the SNMP GET commands for MIB via configured interface you need to download Cyberoam MIB. Configure SNMP from the Web Admin Console. Configuring SNMP is a four-step process as follows: Download Cyberoam MIB attached with this document and load in your SNMP Manager device. Start SNMP server as by default SNMP server is not ON Create Agent Create Community (SNMP v1 and v2c) or User (SNMP v3) Create Firewall rule to allow SNMP traffic

Step 1. Start SNMP server Go to System SNMP Manage SNMP and click Start Step 2. Configure Cyberoam as SNMP Agent 1. Select System SNMP Agent Configuration 2. Specify a name to identify the Agent 3. Specify System Location. It is the physical location e.g. name of the department or city, where Cyberoam appliance is deployed. 4. Specify System Contact. It is the contact information e.g. name or email address, of the person responsible for the above-specified Cyberoam appliance. 5. Specify Manager Port. Cyberoam will use this port to send traps. Remote SNMP Management station/Manager will use this port to connect to the Cyberoam appliance. 6. Specify Description 7. Click Update to save the details Step 3. Create SNMP community (if SNMP manager supports SNMP v1 and v2c) 1. Select System SNMP Create Community 2. Specify a name to identify the Community 3. Specify IP address of the SNMP Manager that can use the settings in the SNMP community to monitor Cyberoam. 4. Enable the required SNMP protocol version support. SNMP v1 and v2c compliant SNMP managers have read-only access to Cyberoam system information and can receive Cyberoam traps. 5. Enable the required version for trap support. Traps will be sent to the SNMP Managers who support the specified versions only. 6. Specify Description 7. Click Create Step 3. Create V3 user (if SNMP manager supports SNMP v3) Go to System SNMP Create V3 User and create user by specifying username and password for the user account. Please note, only authenticated user can request information.

How To Configure Cyberoam as SNMP Agent

Step 4. Create firewall rule to allow SNMP traffic Go to Firewall Create Rule and create firewall rule with the following parameters: Parameter Source Destination Service Apply Schedule Action Value Zone Zone in which SNMP server is placed Host SNMP server Zone Local Host Any Host SNMP All the Time Accept

This completes the SNMP configuration in Cyberoam. Using SNMP Manager, you can access SNMP traps from the Interface configured in Cyberoam.

SNMP Traps
All the SNMP communities added in Cyberoam receive traps. Traps include trap message as well as the Cyberoam unit serial number or Cyberoam WAN IP address. To receive traps, SNMP Manager must load and compile the Cyberoam MIB. If SNMP manager has already included standard and private MIBs in a compiled database then add the Cyberoam proprietary MIB to that database. Cyberoam generates following traps, when the specified events or conditions occur: Traps highCpuUsage highDiskUsage highMemUsage httpVirus smtpVirus pop3Virus imap4Virus ftpVirus linkToggle synFlood tcpFlood udpFlood icmpFlood Description High CPU usage i.e. CPU usage exceed 90% High Disk usage i.e. Disk usage exceed 90% High Memory usage i.e. memory usage exceed 90% HTTP virus detected by Cyberoam SMTP virus detected by Cyberoam POP3 virus detected by Cyberoam IMAP virus detected by Cyberoam FTP virus detected by Cyberoam Change of link status (up or down) DoS attack SYN flood detected by Cyberoam DoS attack TCP flood detected by Cyberoam DoS attack UDP flood detected by Cyberoam DoS attack ICMP flood detected by Cyberoam

How To Configure Cyberoam as SNMP Agent

Cyberoam MIB
To monitor Cyberoam system information and receive Cyberoam traps then compile Cyberoam proprietary MIBs into SNMP manager. The Cyberoam replies to SNMP Get commands for MIB via configured interface. Download the attached custom Cyberoam MIB and load into any third-party SNMP management software. The Cyberoam MIB contains fields that report current Cyberoam Appliance status information. The tables below list the names of the MIB fields and describe the status information available for each. You can view more details about the information available from all Cyberoam MIB fields by compiling the cyberoam.mib file into your SNMP manager. Cyberoam supports following read-only MIB objects/fields: Cyberoam Appliance MIB fields MIB field (sysInstall) applianceKey applianceModel cyberoamVersion wabcatVersion avVersion asVersion idpVersion System MIB fields MIB field (sysStatus) cyberoamOpMode systemDate cpuPercentageUsage diskCapacity diskUsage memoryCapacity memoryPercentageUsage swapCapacity swapPercentageUsage haMode liveUsers httpHits ftpHits Description The Cyberoam appliance operation mode - Transparent or Bridge Current date The current CPU usage (as a percent) The hard disk capacity (MB) The current hard disk usage (MB) The memory capacity (MB) The current memory utilization (as a percent) The swap capacity (MB) The current swap utilization (as a percent). The current Cyberaom High-Availability (HA) mode (standalone, A-P) The current live connected users i.e. logged on users in Cyberoam Total HTTP hits Total TTP hits Description Appliance key number of the Cyberoam Appliance in use Appliance model number of the Cyberoam Appliance in use The Cyberoam version currently running on the Cyberoam Appliance. The Webcat version installed on the Cyberoam Appliance The antivirus definition version installed on the Cyberoam Appliance The antispam definition version installed on the Cyberoam Appliance The IDP signature definition version installed on the Cyberoam Appliance

How To Configure Cyberoam as SNMP Agent

pop3Hits (mailHits) imapHits (mailHits) smtpHits (mailHits) pop3Service (serviceStats) imapService (serviceStats) smtpService (serviceStats) ftpService (serviceStats) httpService (serviceStats) avService (serviceStats) asService (serviceStats) dnsService (serviceStats) haService (serviceStats) IDPService (serviceStats) analyzerService (serviceStats) snmpService (serviceStats) License MIB fields MIB field (sysLicesne) appRegStatus (liAppliance) appExpiryDate (liAppliance) supportSubStatus (lisupport) supportExpiryDate (lisupport) avSubStatus (liAntiVirus) supportExpiryDate (liAntiVirus) asSubStatus (liAntiSpam) supportExpiryDate (liAntiSpam) idpSubStatus (liIdp)

Total POP3 hits Total IMAP hits Total SMTP hits The current status of POP3 service The current status of IMAP service The current status of SMTP service The current status of FTP service The current status of HTTP service The current status of AntiVirus service The current status of AntiSpam service The current status of DNS The current status of HA The current status of IDP service The current status of Analyzer The current status of SNMP

Description Current Registration status of Cyberoam Appliance Expiry date of the Cyberoam Appliance, if Appliance is the Demo Appliance Current subscription status for Cyberoam Support Subscription Expiry date for Cyberoam Support, if subscribed Current subscription status for AntiVirus module Subscription Expiry date for AntiVirus module, if subscribed Current subscription status for AntiSpam module Subscription Expiry date for AntiSpam module, if subscribed Current subscription status for IDP module

How To Configure Cyberoam as SNMP Agent

supportExpiryDate (liIdp) webcatSubStatus (liWebcat) supportExpiryDate (liWebcat) Alert MIB field MIB field (sysAlerts) highCpuUsage highDiskUsage highMemUsage httpVirus (avAlerts) smtpVirus (avAlerts) pop3Virus (avAlerts) imap4Virus (avAlerts) ftpVirus (avAlerts) linkToggle (dgdAlerts) idpAlert1 (idpAlerts) synFlood (dosAlerts) tcpFlood (dosAlerts) udpFlood (dosAlerts) icmpFlood (dosAlerts)

Subscription Expiry date for IDP module, if subscribed Current subscription status for Web and Application Filter module Subscription Expiry date for Web and Application Filter module, if subscribed

Description High CPU usage i.e. CPU usage exceed 90% High Disk usage i.e. Disk usage exceed 90% High Memory usage i.e. memory usage exceed 90% HTTP virus detected by Cyberoam SMTP virus detected by Cyberoam POP3 virus detected by Cyberoam IMAP virus detected by Cyberoam FTP virus detected by Cyberoam Change of link status (up or down) IDP alert DoS attack SYN flood detected by Cyberoam DoS attack TCP flood detected by Cyberoam DoS attack UDP flood detected by Cyberoam DoS attack ICMP flood detected by Cyberoam

Document Version: 4.2- 09/03/2011