The VSM software can't connect to the firewall case

Publication Date:  2019-07-24  |   Views:  300  |   Downloads:  0  |   Author:  w00490185  |   Document ID:  EKB1000047541


Issue Description

The customer wants to use the VSM software to manage the firewall, but after SNMP was configured, the VSM server can't connect to the firewall.

Alarm Information

The failure logs are as follows:

Handling Process

First, check whether the route from the VSM server to the firewall is correct. A ping test confirmed that the route is OK.

Second, check whether the read community configured on the firewall and on the VSM server is the same and correct. After reconfiguring the read community with the same characters on both the firewall and the VSM server, the problem still exists.

Third, when the VSM server connects to the firewall, I find that the firewall doesn't reply to the VSM server's SNMP request. I then check the security policy on the firewall, and confirm that all the security policies permit the VSM server.

Finally, I run a test using ACL-based traffic statistics and find that the SNMP packets are dropped by the firewall's service-manage function. I then check the configuration, which is as follows:

interface GigabitEthernet6/0/0
alias Internal
ip address 192.168.0.251 255.255.255.240
vrrp vrid 2 virtual-ip 192.168.0.254 master
hrp track master
service-manage enable
service-manage https permit
service-manage ping permit
service-manage telnet permit

The service-manage function is enabled but doesn't permit the SNMP protocol. The solution is to add the command "service-manage snmp permit" under the interface to permit the SNMP protocol.
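The check described above can be run over a saved configuration before the management server is pointed at the device. The following is an added example, not part of the original case or any Huawei tool: a small Python audit that lists interfaces where service-manage is enabled but a given protocol is not permitted. It recognizes only the command forms shown in this case ("service-manage enable" and "service-manage <protocol> permit"); the function names, the second interface and the "#" stanza separators are assumptions made for the sample.

```python
import re

# Constructed sample: the service-manage lines from the interface in this case,
# plus a second, made-up interface that already permits SNMP.
SAMPLE_CONFIG = """\
interface GigabitEthernet6/0/0
 alias Internal
 ip address 192.168.0.251 255.255.255.240
 service-manage enable
 service-manage https permit
 service-manage ping permit
 service-manage telnet permit
#
interface GigabitEthernet6/0/1
 alias Mgmt
 service-manage enable
 service-manage snmp permit
 service-manage ping permit
#
"""

def parse_service_manage(config_text):
    """Return {interface: {"enabled": bool, "permit": set of protocols}}."""
    result, current = {}, None
    for raw in config_text.splitlines():
        line = raw.strip()
        m = re.match(r"interface\s+(\S+)$", line)
        if m:  # start of a new interface stanza
            current = result.setdefault(m.group(1), {"enabled": False, "permit": set()})
        elif line == "#":  # stanza separator (assumed): leave interface context
            current = None
        elif current is not None and line.startswith("service-manage "):
            words = line.split()
            if words[1:] == ["enable"]:
                current["enabled"] = True
            elif len(words) == 3 and words[2] == "permit":
                current["permit"].add(words[1])
    return result

def interfaces_blocking(config_text, protocol="snmp"):
    """Interfaces where service-manage is enabled but `protocol` is not permitted."""
    parsed = parse_service_manage(config_text)
    return sorted(name for name, sm in parsed.items()
                  if sm["enabled"] and protocol not in sm["permit"])

if __name__ == "__main__":
    for name in interfaces_blocking(SAMPLE_CONFIG):
        print(f"{name}: service-manage enabled, snmp not permitted")
```
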

Root Cause

According to the issue details and the failure logs, the possible causes are as follows:
(1) The route from the VSM server to the firewall is incorrect or unreachable.
(2) The read community on the firewall and the VSM server does not match.
(3) A security policy on the firewall drops the SNMP packets.

Suggestions

When configuring the firewall using both the web interface and the command line at the same time, pay attention to the service-manage function under the interface. This function affects reachability of the firewall.