PIX 6.3, more than one SNMP community?

Unanswered Question
May 30th, 2007
User Badges:

Can you add more than one community string to PIX firewall running 6.3?

If so,

Is it an ok practice to have a RW string on a PIX firewall in addition to the RO string?

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (2 ratings)
acomiskey Wed, 05/30/2007 - 15:08
User Badges:
  • Green, 3000 points or more

You cannot do RW in pix.

wilson_1234_2 Wed, 05/30/2007 - 17:17
User Badges:

Thanks for the reply,

What do you do about Ciscoworks management with PIX?

Don't you need RW for some funtions?

Fernando_Meza Wed, 05/30/2007 - 17:32
User Badges:
  • Gold, 750 points or more

Hi ..

PIX firewalls allow limited SNMP support. Because SNMP was designed as a network

management protocol and not a security protocol, it can be used to exploit a device. For this

reason, the PIX Firewall allows only read-only access to remote connections. This enables

the manager to remotely connect to the device and monitor SNMP traps but does not allow

the manager to change any SNMP settings.

so answering your question Ciscoworks will not use SNMP to push down changes to the firewall.

I hope it helps .. please rate if it does !!!


This Discussion