search cancel

How to configure firewall to allow SNMP communication with BMC PATROL devices

book

Article ID: 202701

calendar_today

Updated On:

Products

CA Spectrum CA eHealth

Issue/Introduction

As documented at https://docs.bmc.com/docs/display/public/unixlinux912/PATROL+SNMP+system+architecture BMC PATROL devices use SNMP port 8161. Port 161 is an industry standard, while port 8161 is a BMC PATROL standard. By running on port 8161, you can avoid possible conflicts with operating system vendors who are already using port 161 for an SNMP agent. 

In  linux firewall environment you may get "MANAGMENT AGENT LOST" alarms on these devices because Spectrum cannot poll them. 

How to configure the firewall to allow Spectrum SNMP communication with these devices?

Environment

Release : 20.2

Component : Spectrum Core / SpectroSERVER

Resolution

The simple workaround solution for PATROL SNMP system architecture, which uses ports patrol(8160) and patrol-snmp(8161) on linux firewalld server is:

firewall-cmd --permanent --new-service=custom-snmp

firewall-cmd --permanent --service=custom-snmp --set-description="Workaround for PATROL SNMP system architecture"

firewall-cmd --permanent --service=custom-snmp --set-short="patrol-snmp"

firewall-cmd --permanent --service=custom-snmp --add-source-port=8160-8161/udp

firewall-cmd --permanent --service=custom-snmp --add-source-port=8160-8161/tcp

firewall-cmd --permanent --add-service=custom-snmp

firewall-cmd --reload