none
UAG 2010 add snmp rules RRS feed

  • Question

  • Hi, I would like to have the uag server monitored by a snmp server. Where do I allow or implement the access rules for this?

    thx jason
    Thursday, January 21, 2010 5:08 PM

Answers

  • You will have to add Access Rule to the underlying Forefront TMG.

    Start Forefront TMG Management
    Select Firewall Policy
    In Tasks pane to the right select Create Access Rule
    Follow the wizard and add rule for
    Protocol: SNMP (Found in Infrastructure group)
    Source: Local Host (Found in Networks)
    Destination: Create New Computer object with IP of SNMP server and add as destination
    User Sets: All Users (Default)

    And also you will need to add the SNMP feature to the OS...
    Sunday, January 24, 2010 9:49 AM

All replies

  • You will have to add Access Rule to the underlying Forefront TMG.

    Start Forefront TMG Management
    Select Firewall Policy
    In Tasks pane to the right select Create Access Rule
    Follow the wizard and add rule for
    Protocol: SNMP (Found in Infrastructure group)
    Source: Local Host (Found in Networks)
    Destination: Create New Computer object with IP of SNMP server and add as destination
    User Sets: All Users (Default)

    And also you will need to add the SNMP feature to the OS...
    Sunday, January 24, 2010 9:49 AM
  • Hey Kent,

    I'm trying to monitor my FFTMG with Zenoss and I've confirmed that my firewall (Cisco ASA) is not blocking any of the traffic, but even after creating the access rule above as you specified I'm unable to get a reply from the TMG.  I'm testing ICMP at the same time as a test protocol and I can't ping my TMG nor snmpwalk it.  Do you have any suggestions?

    Saturday, July 7, 2012 1:55 AM
  • Maybe you are trying to do soemthing that requires a new set of rules allowing inbound to TMG.

    Build access rules like the one above but with Source: Internal and Destination: Local host.

    TMG has a protocol defined as "Ping" for that specific type of ICMP traffic.

    To make sure the traffik is actually hitting the TMG (not blocked on the way). Take a look in the logviewer while trying.

    • Proposed as answer by Kanien Saturday, July 7, 2012 9:57 PM
    Saturday, July 7, 2012 7:00 AM