Here is an example of SNMPv3 configuration in CheckPoint Gaia Appliace:
set snmp agent on set snmp contact "zzzz@domain.com" set snmp location "Middle of nowhere" add snmp address 123.34.56.78 set snmp agent-version v3-Only add snmp usm user snmpv3user security-level authPriv auth-pass-phrase 111222333 privacy-pass-phrase 555666777
To use less secure version of SNMP v1/v2 use following commands:
set snmp agent on set snmp contact "zzzz@domain.com" set snmp location "Middle of nowhere" add snmp address 123.34.56.78 set snmp agent-version any set snmp community snmpv2community read-only
Replace 123.34.56.78 with Firewall’s interface IP which is going to answer the SNMP requests. This command may be omitted – then SNMP will listen on all interfaces.
If you want to enable SNMPv3 only you might want to remove the default “public” community from configuration file, but after changing the agent-version to v3-Only the firewall will reject your command:
delete snmp community public read-only NMSSNM0075 SNMP v3-Only does not accept community strings.
To work around this issue, just execute:
set snmp agent-version any delete snmp community public read-only set snmp agent-version v3-Only