HTTPS listen port for SNMP


Article ID: 131600


Updated On:

Products

STARTER PACK-7, CA Rapid App Security, CA API Gateway

Issue/Introduction

SNMPAgentAssertion is deployed for SNMP monitoring and currently uses an HTTP listen port for SNMP. The customer has an audit finding that requires only secure listen ports. What is needed to configure the SNMP traffic over a secure channel?

We created a new HTTPS listen port in the gateway and updated passTacticalServiceUsage.sh with https and the port details. We restarted the snmpd daemon, but SNMP is not reporting the data.


 

Environment

Release:
Component: APIGTW

Resolution

Ensure that listen port *8443 has the SNMP Query service checked (enabled).

Modify passTacticalServiceUsage.sh and add the following:
wget -q -O- http://127.0.0.1:8080/snmp/management/$VERB/$2
wget -q -O- --no-check-certificate https://127.0.0.1:8443/ssg/management/$VERB/$2


TEST:
SNMP over HTTP
[[email protected] ~]# wget -q -O- http://127.0.0.1:8080/ssg/management/get/.1.3.6.1.4.1.17304.7.1
.1.3.6.1.4.1.17304.7.1
string
Service Usage
Response as expected 

SNMP over HTTPS
[[email protected] ~]# wget -q -O- https://127.0.0.1:8443/ssg/management/get/.1.3.6.1.4.1.17304.7.1
No Responses - No certificate

SNMP over HTTPS with no check for certificate
[[email protected] ~]# wget -q -O- --no-check-certificate https://127.0.0.1:8443/ssg/management/get/.1.3.6.1.4.1.17304.7.1
.1.3.6.1.4.1.17304.7.1
string
Service Usage
WORKS - Response as expected 
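The HTTPS test above succeeds only with certificate checking turned off. As an added example (not from the original article and not the product's own script), the shell function below keeps verification on by trusting the listener's certificate through wget's --ca-certificate option, and validates the verb and OID before they are placed in the URL. The CA file path, the function names and the return codes are assumptions.

```shell
#!/bin/sh
# Added example; not the contents of passTacticalServiceUsage.sh.
GW_URL_BASE="https://127.0.0.1:8443/ssg/management"      # endpoint from the article
GW_CA_FILE="${GW_CA_FILE:-/path/to/listener-cert.pem}"   # placeholder path (assumption)

# valid_oid OID: accept only dotted-decimal OIDs such as .1.3.6.1.4.1.17304.7.1
valid_oid() {
    case "$1" in
        # empty, any character other than digits/dots, empty arc, trailing dot
        ''|*[!0-9.]*|*..*|*.) return 1 ;;
    esac
    return 0
}

# check_request VERB OID
# Returns 0 if the request is acceptable, 2 for a bad verb, 3 for a bad OID,
# 4 if the CA file that wget must trust is missing or unreadable.
check_request() {
    case "$1" in
        # lowercase letters only; the article shows only "get"
        ''|*[!a-z]*) return 2 ;;
    esac
    valid_oid "$2" || return 3
    [ -r "$GW_CA_FILE" ] || return 4
    return 0
}

# fetch_oid VERB OID: query the gateway over HTTPS with verification enabled.
fetch_oid() {
    check_request "$1" "$2" || return $?
    wget -q -O- --ca-certificate="$GW_CA_FILE" "$GW_URL_BASE/$1/$2"
}

# In the script, this would replace the --no-check-certificate line:
#   fetch_oid "$VERB" "$2"
```

wget also checks the name in the certificate, so the host in the URL (here 127.0.0.1) must match a name or IP address listed in the listener certificate.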
 

Additional Information

This is a tactical SNMP solution. This functionality has not been documented or tested over HTTPS, and it is not officially supported.