Here is an example of SNMPv3 configuration in CheckPoint Gaia Appliace:
[code]
set snmp agent on
set snmp contact “zzzz@domain.com”
set snmp location “Middle of nowhere”
add snmp address 123.34.56.78
set snmp agent-version v3-Only
add snmp usm user snmpv3user security-level authPriv auth-pass-phrase 111222333 privacy-pass-phrase 555666777
[/code]
To use less secure version of SNMP v1/v2 use following commands:
[code]
set snmp agent on
set snmp contact “zzzz@domain.com”
set snmp location “Middle of nowhere”
add snmp address 123.34.56.78
set snmp agent-version any
set snmp community snmpv2community read-only
[/code]
Replace 123.34.56.78 with Firewall’s interface IP which is going to answer the SNMP requests. This command may be omitted – then SNMP will listen on all interfaces.
If you want to enable SNMPv3 only you might want to remove the default “public” community from configuration file, but after changing the agent-version to v3-Only the firewall will reject your command:
[code]
delete snmp community public read-only
NMSSNM0075 SNMP v3-Only does not accept community strings.
[/code]
To work around this issue, just execute:
[code]
set snmp agent-version any
delete snmp community public read-only
set snmp agent-version v3-Only
[/code]
