The customer wants to use the VSM software to manage the firewall device, but after the SNMP protocol was configured, the VSM server can't connect to the firewall.
The failure logs are as follows:
First, check whether the route from the VSM server to the firewall is correct. A ping test confirmed that the route is OK.
Second, check whether the read community configured on the firewall and on the VSM server is the same and correct. After reconfiguring the read community with the same characters on both the firewall and the VSM server, the problem still exists.
Third, when the VSM server connects to the firewall, I find that the firewall doesn't reply to the VSM server's SNMP request. I then check the security policy on the firewall, and confirm that all the security policies permit the VSM server.
Finally, I run a test using ACL-based traffic statistics and find that the SNMP packets are dropped by the firewall's service-manage function. I then check the configuration, which is as follows:
ip address 192.168.0.251 255.255.255.240
vrrp vrid 2 virtual-ip 192.168.0.254 master
hrp track master
service-manage https permit
service-manage ping permit
service-manage telnet permit
The service-manage function is enabled but doesn't permit the SNMP protocol. The solution is to add the command “service-manage snmp permit” under the interface to permit the SNMP protocol.
According to the issue details and the failure logs, the possible causes are as follows:
(1) The route from the VSM server to the firewall is incorrect or unreachable.
(2) The read community does not match between the firewall and the VSM server.
(3) A security policy on the firewall drops the SNMP packets.
When configuring the firewall through both the web interface and the command line at the same time, pay attention to the service-manage function under the interface. This function affects reachability to the firewall.
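
The check that resolved this case can be run over a saved configuration before a management server is connected. The following is an added example, not part of the original case or any vendor tool: the interface names, the second interface and the "#" stanza separator in the sample are constructed, and the script assumes that only interfaces already carrying service-manage permit lines are worth flagging.

```python
import re

# Constructed sample: interface names are placeholders; the first stanza's
# body lines are the ones shown in the case above.
SAMPLE_CONFIG = """\
interface GigabitEthernet0/0/1
 ip address 192.168.0.251 255.255.255.240
 vrrp vrid 2 virtual-ip 192.168.0.254 master
 hrp track master
 service-manage https permit
 service-manage ping permit
 service-manage telnet permit
#
interface GigabitEthernet0/0/2
 ip address 10.0.0.1 255.255.255.0
#
"""

PERMIT_RE = re.compile(r"^service-manage\s+(\S+)\s+permit$")


def permitted_services(config_text):
    """Map each interface name to the protocols it permits via service-manage."""
    result, current = {}, None
    for raw in config_text.splitlines():
        line = raw.strip()
        if line.startswith("interface "):
            current = line.split(None, 1)[1]
            result[current] = set()
        elif line == "#":
            current = None  # end of the interface stanza
        elif current is not None:
            match = PERMIT_RE.match(line)
            if match:
                result[current].add(match.group(1).lower())
    return result


def interfaces_blocking(config_text, protocol):
    """Interfaces that list service-manage permits but omit `protocol`."""
    services = permitted_services(config_text)
    # Assumption: an interface with no permit lines at all is not flagged.
    return sorted(name for name, protos in services.items()
                  if protos and protocol not in protos)


if __name__ == "__main__":
    for name in interfaces_blocking(SAMPLE_CONFIG, "snmp"):
        print(f"{name}: service-manage does not permit snmp")
```

The same per-interface listing from permitted_services also shows which management protocols are currently exposed on each interface, which is worth reviewing whenever a new permit line is added.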