Deployed SNMPAgentAssertion for SNMP monitoring, currently using an HTTP listen port for SNMP. Customer has audit item finding, for which we would need to have only secure listen ports. What is needed to configure the SNMP traffic over secure channel
Create a new HTTPS listen port in the gateway, and updated the passTacticalServiceUsage.sh with https and the port details. We restarted the snmpd daemon, but we see that the SNMP is not reporting the data
Need to ensure the listen port *8443 has SNMP Query service checked off for enabled.
Modify passTacticalServiceUsage.sh add the following
wget -q -O- http://127.0.0.1:8080/snmp/management/$VERB/$2
wget -q -O- --no-check-certificate https://127.0.0.1:8443/ssg/management/$VERB/$2
SNMP over HTTP
Response as expected
SNMP over HTTPS
No Responses - No certificate
SNMP over HTTPS with no check for certificate
WORKS - Response as expected
This is a tactical SNMP solution with no documentation or testing of this functionality over HTTPS, it's not officially supported.