Server Management - Systems Insight Manager

SIM SNMP trap security issue

Don Bitters
Advisor

SIM SNMP trap security issue

I have HP SIM set up and fully working across public IPs, remotely monitoring 100 servers in different locations not connected via any VPNs. I have WBEM working correctly with WMI and the WMI Pegasus Mapper by opening 5989.
I have half HP servers and half Dell servers and my objective is to use one management console to do the job.

I have the HP management page being linked and displayed properly under each server as well as the Dell server administrator by opening 2381 and 1311.

I am doing ping identification on 5989 instead of port 80 by changing the globalprops which works fine.

I have UDP 161 open to get the SNMP status and all the HP agents report their status changes back fine. The Dells do not report their SNMP status back, but I am assuming that is because HP does not walk the Dell MIBs. I have the new Dell MIBs all installed and working correctly and I can verify all event configs of each trap from the SNMP trap settings page. This required editing out the comments in the Dell MIBs because of incompatible comment marks.

I have 50004 to 50005 open on the HP SIM for return status as well as UDP ports 161 and 162.

I can receive SNMP traps that show up in the events tab for any local servers and all servers connected through VPNs. I cannot, however, receive any SNMP traps outside of the VPN publicly. The traps are not being blocked by our firewall that I can tell, and I also enabled all access rules both ways from our LAN into another LAN and vice versa but restricted to our public IPs.

The local server name is obviously different than the public reported server name to separate the internet displayed domain name and the locally displayed domain name. I think HP SIM might only accept traps from the same name the traps are sent to as the local server FQDN. I do have the option "Accept unregistered events" selected in the event filter settings.

So my question is, what possibly could be preventing the SNMP traps from working over the internet between firewalls when no blocks or errors are reported and when all ports are open both ways, limited by public IPs? Again, this works perfectly fine over VPNs and the local LAN.

Thanks for the help.
4 REPLIES
James D. Young
Frequent Advisor

Re: SIM SNMP trap security issue

I have my SNMP traps from the Dells going to my HP SIM server and my Dell OpenManage server. I get the same SNMP messages on both servers.

Make sure on the Dells, that the traps are being sent to the IP address instead of the name, but either should work. It does not care what the reverse of the machine is.
Joel Rubenstein
Honored Contributor
Solution

Re: SIM SNMP trap security issue

If you are having problems receiving traps from servers that are accessed via NAT, modify the globalsettings.props file:

AllowAltIpForTrap=enabled --> disabled

and restart the SIM service.
Don Bitters
Advisor

Re: SIM SNMP trap security issue

Joel,
Thanks, that did the trick perfectly. I would have thought that would be set by default so the system could accept traps from other systems you are managing.

So now that I am getting traps internally and externally, I now have an additional issue.
I have Dells internally and externally, and the dcstorag MIB is generating traps fine; however, when I generate temperature, voltage, or power traps for testing, I am getting an unregistered trap message and it recommends that I recompile and re-import the dell10892 MIB. I used the same procedure for the dcstorag MIB and have tried this several times. I also tried the 4.5, 5.0 and 5.1 versions of the dell10892 MIB with no luck. It will only register the event as a generic unregistered trap. Because it is generic, it doesn't say what the problem is and it does not generate the event.

Anybody have a suggestion?
Thanks.
Gloucki
New Member

Re: SIM SNMP trap security issue

Thanks
It's perfect