
FWSM vs PIX515E - OVO SNMP walk denied on FWSM, PIX OK

logicaltrc
Level 1

I SNMP walk (udp 161) to an AS/400 from one server behind a PIX515E and the return udp packet picks a random port between 5000 and 6000 and the PIX lets it back in OK w/o an ACL specifically allowing it.

I SNMP walk (udp 161) to an AS/400 from another server behind a FWSM and the return udp packet picks a random port between 5000 and 6000 and the FWSM denies it back in logging a message that ACL "outside" is blocking.

If I allow the entire udp range the FWSM allows it.

How can this be? What's the difference between the PIX 7.1(2) and the FWSM 3.1(4) and how it handles returning SNMP walks on random udp ports?

Might a fixup or inspect help on the FWSM? I don't want to open a 1000-port range if I can help it.

1 Reply

hadbou
Level 5

The security appliance provides support for network monitoring using SNMP V1 and V2c. The security appliance supports traps and SNMP read access, but does not support SNMP write access. You can configure the security appliance to send traps (event notifications) to a network management station (NMS), or you can use the NMS to browse the MIBs on the security appliance. MIBs are a collection of definitions, and the security appliance maintains a database of values for each definition.
