CAS 2.x receives SNMP queries on UDP Port 161. SNMP replies are sent from CAS' UDP Port 1 back to the SNMP Agent's port.
The following is a packet capture of the SNMP traffic :
No. Time Source Destination SrcPort DstPort Protocol Info
153 7.338 10.10.10.88 10.10.10.93 2813 161 SNMP get-next-request SNMPv2-SMI::org
156 7.362 10.10.10.93 10.10.10.88 1 2813 SNMP get-response SNMPv2-MIB::sysDescr.0
232 10.879 10.10.10.88 10.10.10.93 2814 161 SNMP get-next-request SNMPv2-SMI::org
235 10.900 10.10.10.93 10.10.10.88 1 2814 SNMP get-response SNMPv2-MIB::sysDescr.0
In the example above, SNMP response are sent from UDP Port 1 to the SNMP Agent's originating ports UDP 2813 and 2814.
This is a known issue with Content Analysis 2.1.1 and 2.2.1.
The fix for this issue will be in CAS 2.3.
The work-around is to have firewalls or other security devices should be configured to allow traffic from the CAS' IP address and UDP Port 1 in order to allow the SNMP reply to the requestor.