First of all, keep in mind that a firewall is a network security device that works to monitor incoming and outgoing network traffic and makes decisions in terms of allowing or blocking determined traffic based on a set of security rules.
Some SNMP problems are not directly caused by either manager or agent. The network connectivity between the two devices can sometimes be impeded by firewall settings. Firewalls that block UDP, SNMP, pings, or ports 161 or 162 are the most common issues. Use the following steps to identify and solve firewall problems:
A simple ICMP ping to a PC near the device is a good initial test to determine connectivity status and network performance issues. ICMP ping is an IP-based signal sent from one device to another. If the target device receives the "ping" from the source device, it will (if configured to do so) respond to confirm that is active and connected to the network. It's a simple way of confirming that a device is online.
So, if your pings to the PC are not returned, try pinging the gateway. Continue working your way up the network with your pings to identify the point where they stop. Check for firewalls and firewall configurations, especially those that block UDP, SNMP, pings, or ports 161 or 162. Keep in mind that some networks block all ping traffic as a security measure.
Next, send another simple ICMP ping to the device to determine connectivity.
If pings to the PC in Step 1 were successful, but pings sent to the device fail, the problem is almost certainly with your SNMP device.
If the SNMP device you are testing supports Telnet connections or Web access, you should attempt to connect using one of these methods. If pings succeed but Telnet and/or browsing is blocked, this is a very good indication that you have a firewall issue.
For additional security, some SNMP devices may use non-standard ports to obstruct unauthorized SNMP traffic. If so, make sure that these ports are not blocked by a firewall and are accepted by the manager. Another potential solution is to reconfigure the device to use standard ports.
A firewall may simply be blocking the IP address of your device and/or manager. Confirm that these or any other needed IP addresses are not being blocked.
Tracing the "hops" that network traffic is following to reach the device can allow you to pinpoint a tricky firewall issue. A simple trace can be performed from the Command Prompt of Windows XP:
All DPS Telecom products include comprehensive technical support. If you've purchased one of our products and are encountering any kind of issue, contact DPS Tech Support today at 559-454-1600.
At DPS Telecom, the representative who answers your call isn't an intern reading from a script. DPS Tech Support representatives are engineers who contribute to product development. And, if your problem requires additional expertise, the DPS Engineering Department that designed your product is right down the hall.
Help us connect you to the right engineer by filling out this quick questionnaire. Simply leave your contact information to get started, and we'll call you back. Most preliminary discussions are about 15 minutes, and afterward, we'll send you a custom application diagram of a recommended solution that'll make it easier to justify your project to management.
Have a specific question? Ask our team of expert engineers and get a specific answer!
Click here for more information.
Download our free SNMP White Paper. Featuring SNMP Expert Marshall DenHartog.
This guidebook has been created to give you the information you need to successfully implement SNMP-based alarm monitoring in your network.
Click here for more information.