In either of the following situations you may want to use SNMPv3 with a localized key:
ASG/ProxySG/SGVA is running in FIPS mode, where the only allowed SNMP configuration is SNMPv3 with a localized key.
ASG/ProxySG/SGVA is running in non-FIPS mode, but SNMPv3 with a localized key is preferred over a passphrase.
To generate the localized key for SNMPv3, an external script or tool is required. Many Python and Perl scripts are available for SNMP key generation, and Linux/Ubuntu also offers a utility called "snmpkey". The following example uses 'snmpkey'.
1. First, collect the following information from the ASG/ProxySG/SGVA device:
SNMPv3 engine ID (Available under Maintenance --> SNMP --> SNMP General)
SNMPv3 authentication protocol (md5|sha) and privacy protocol (des|aes) (Available under Maintenance --> SNMPv3 Users --> upon user account creation)
Below is an example of an SNMPv3 user configuration on the SG:
2. Open a CLI prompt on a Linux/Ubuntu system and type 'snmpkey'. This confirms whether the utility is present and shows the appropriate command format for 'snmpkey'.
In this example, the auth password is asdf1234 and the privacy password is 1234asdf. The output is the localized key that can be used on the SG.
3. Copy the authKey and privKey from the previous step, but without the leading '0x'. Navigate to ProxySG --> Maintenance --> SNMP --> SNMPv3 users and edit the user account that was created in step 1. Then set the authKey and privKey from step 2 under Set Localized Keys --> engine ID 'self' --> edit.
4. At this point SNMPv3 is ready to test with the localized key. Many SNMP tools and utilities are available online. The following is an example of testing SNMPv3 using 'snmpwalk'.
Here -aw and -pw are the auth and privacy passwords that were defined in step 2 while generating the localized key. If the configuration is successful, this test returns CPU utilization via OID .188.8.131.52.4.1.34184.108.40.206.220.127.116.11 over SNMPv3 using the localized key.
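The key generation in step 2 is the password-to-key localization defined in RFC 3414 (appendix A.2), shown here as an added Python example that is not part of the original article or any vendor tool. The function names and the sample engine ID are assumptions made for illustration, and the privKey truncation to 16 bytes assumes DES or AES-128 privacy.

```python
import hashlib

STRETCH_LEN = 1048576  # RFC 3414 A.2 hashes 1 MiB of the repeated passphrase


def localize_key(passphrase, engine_id_hex, auth_proto="sha"):
    """Return the RFC 3414 localized key (Kul) for one engine ID, as bytes."""
    hashers = {"md5": hashlib.md5, "sha": hashlib.sha1}
    if auth_proto not in hashers:
        raise ValueError("auth_proto must be 'md5' or 'sha'")
    if len(passphrase) < 8:
        raise ValueError("passphrase must be at least 8 characters")
    digest = hashers[auth_proto]
    pw = passphrase.encode("ascii")
    # Step 1: repeat the passphrase to exactly 1 MiB and hash it (user key Ku).
    stretched = (pw * (STRETCH_LEN // len(pw) + 1))[:STRETCH_LEN]
    ku = digest(stretched).digest()
    # Step 2: bind Ku to this agent: Kul = H(Ku || engineID || Ku).
    if engine_id_hex.lower().startswith("0x"):
        engine_id_hex = engine_id_hex[2:]
    engine_id = bytes.fromhex(engine_id_hex)
    return digest(ku + engine_id + ku).digest()


def user_keys(auth_pass, priv_pass, engine_id_hex, auth_proto="sha"):
    """Return (authKey, privKey) as hex without '0x', ready for step 3."""
    auth_key = localize_key(auth_pass, engine_id_hex, auth_proto)
    # DES and AES-128 privacy use the first 16 bytes of the localized key.
    priv_key = localize_key(priv_pass, engine_id_hex, auth_proto)[:16]
    return auth_key.hex(), priv_key.hex()


if __name__ == "__main__":
    # Constructed engine ID; use the value shown under SNMP General on the device.
    sample_engine_id = "0x800000000102030405"
    auth_key, priv_key = user_keys("asdf1234", "1234asdf", sample_engine_id)
    print("authKey:", auth_key)
    print("privKey:", priv_key)
```

Because the engine ID is hashed into the result, the keys produced are valid only for the one appliance whose engine ID was supplied.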