Forum Discussion

Nimbostratus

May 11, 2018

Restricting SNMP access to LTM (especially use of "sys snmp agent-addresses")

I am wondering about restricting SNMP access to an LTM. I want to understand how the following two commands should be used: modify sys snmp agent-addresses modify sys snmp allowed-addresses ...

Employee

May 16, 2018

You can read about restricting SNMP access here:

https://support.f5.com/csp/article/K13535

agentaddress <- This is the address that the BigIP is listening for requests on. By default, it's all addresses. So as long as you had the proper port open, you could query for SNMPD data on management or on your self IPs. You could use this to limit access to only your management IP. Read more here: http://www.net-snmp.org/docs/man/snmpd.conf.html

So agentaddress specifies the address that's being listened on, while the other is remote addresses that are allowed to access. So you may be listening on your management address only (agentaddress), but you may only allow your SNMP system to actually query that address.

Forum Discussion

Restricting SNMP access to LTM (especially use of "sys snmp agent-addresses")

Recent Discussions

BIG-IP DNS: Check Status Of Multiple Monitors Against Pool Member

Disk space full - what files, folders are safe to delete?

Converting config to DO

Enterprise Security best practices with F5 WAF

Web acceleration

Related Content

Especial Load Balancing Active-Passive Scenario (I)

Office 365 Tenant Restrictions

Especial Load Balancing Active-Passive Scenario (II)

SSL Orchestrator Advanced Use Cases: Enabling GCloud Organization Restrictions

F5 iRule Geolocation restriction