SNMP Alert Receivers

You set actions that generate SNMP alerts as part of a security policy. Use the SNMP tab in the Screen dialog box to:

• Add an SNMP trap receiver

• Delete an SNMP trap receiver

• Set the timer for the timed status indicator

A management information base (MIB) that describes the SNMP trap is included with the SunScreen CD-ROM, as part of the SUNWsfwau package. It is installed as: /usr/lib/sunscreen/Admin/etc/sunscreen.mib. Load this MIB into your SNMP manager to enable it to use the SNMP trap generated by the Screen.

The machine that you want to receive SNMP trap alerts must not be a remote Administration Station. SNMP alert packets are sent in the clear, and the communication between the remote Administration Station and Screen is encrypted; any packets sent in the clear are dropped.

The recipients of SNMP messages are controlled on a Screen-by-Screen basis. The Screen object has a place for an optional list of IP addresses, which are the hosts to which it sends the SNMP packets.

There are two ways to send SNMP packets:

• Set SNMP in a Packet Filtering rule's Action

• Specify it in the default Reject Action of an interface object

SNMP alerts are described in "Screen Object" in SunScreen 3.2 Administrator's Overview.

The following information describes using the administration GUI. For the command line interface, see Chapter 10, Using the Command Line Interface.

To Add an SNMP Alert Receiver

1. Execute the steps in "To Modify the Policies Associated with a Common Object".

2. Select Screen in the Type list.

   

3. Select New from the Add New Object list.

4. Click the SNMP tab in the Screen dialog box.

   The SNMP area is displayed.

   

5. Type the name or IP address of the recipient of the SNMP trap in the Name field.

6. Click the Add button.

   A list of SNMP alert receivers appears. You can define up to five receivers. SunScreen sends each generated alert to all receivers.

7. Click the OK button when you are finished.

You use the SNMP Timer Interval field in the SNMP tab to specify the time interval, in minutes, between the health-update packets that are emitted by the Screen. If you do not specify any Alert receivers, no health-update packets are issued.

If you set the SNMP Timer Interval field to zero (or leave it empty) and there are Alert receivers, no health-update packets are issued, although other SNMP alerts are sent to the Alert receivers.

To Delete an SNMP Alert Receiver

1. Execute the steps in "To Modify the Policies Associated with a Common Object".

2. Select Screen in the Type list.

   

3. Select New from the Add New Object list.

4. Click the SNMP tab in the Screen dialog box for the Screen.

   The SNMP area appears.

   

5. Select an entry in the SNMP Receivers field.

   If the name of the SNMP Receiver to delete is not listed (that is, only the IP address is listed), type the name in the Add/Delete field.

6. Click the Delete button.

7. Click the OK button when you are finished with this Screen object.