Nokia IPSO 4.0 manual Enabling Snmp and Selecting the Version, To enable or disable Snmp, 254

6

SNMP query operations. In this case, you might have to delete the FloodGate package from your system.

Enabling SNMP and Selecting the Version

The SNMP daemon is enabled by default. If you choose to use SNMP, configure it according to your security requirements. At minimum, you must change the default community string to something other than public. You should also select SNMPv3, rather than the default v1/v2/v3, if your management station supports it.

Caution

If you do not plan to use SNMP to manage the network, disable it. Enabling SNMP opens potential attack vectors for surveillance activity by enabling an attacker to learn about the configuration of the device and the network.

You can choose to use all versions of SNMP (v1, v2, and v3) on your system or to allow SNMPv3 access only. If your management station supports v3, select to use only v3 on your IPSO system. SNMPv3 limits community access; only requests from users with enabled SNMPv3 access are allowed and all other requests are rejected.

To enable or disable SNMP

1.Choose SNMP under Configuration in the tree view.

2.Select Yes or No for Enable SNMP Daemon.

3.If you are enabling SNMP, click Apply. The SNMP configuration options appear.

Caution

To run the Check Point and SNMP daemons simultaneously, you must start the Check Point SNMP daemon after you start VPN-1/Firewall NG. If you start the Check Point SNMP daemon before you start VPN-1FireWall-1 NG, the IPSO daemon does not start.

4.From the SNMP version drop-down list, select the version of SNMP to run:

„SNMPv1/v2/v3

Select this option if your management station does not support SNMPv3.

„SNMPv3

Select this option if your management station supports v3. SNMPv3 provides a higher level of security than v1 or v2.

5.If you selected v1/v2/v3, enter a new read-only community string under Community Strings. This is a basic security precaution that you should always take.