Administer SNMP monitoring

Network administrators can start, stop, enable, and disable the Simple Network Management Protocol (SNMP) service on Access Gateway, and use SNMP to query devices for various network information. Access Gateway allows you to gather information directly from an appliance using SNMP polling.

By default, SNMP is turned off in Access Gateway. Access Gateway supports these versions of SNMP:

  • Access Gateway version 2024.2.1 or later: v3
  • Access Gateway version 2024.1.1 or earlier: v2c
  • Upgrades of any earlier version of an existing installation to version 2024.2.1 or higher: v3

You can continue using SNMP v2c in existing installations if you haven't created SNMP v3 credentials.

Third-party network monitoring tools, such as SolarWinds or Nagios, can use SNMP to monitor certain parameters.

Access Gateway appliances support object identifiers located within the subset of the following Management Information Base (MIB) objects:

These MIBs aren't proprietary and are available on most network monitoring systems. The Access Gateway appliance doesn't contain any proprietary MIBs.

Enable SNMP for v3

Do this task on each Access Gateway instance in your environment.

  1. Sign in to the Access Gateway Management console.
  2. Select 2 - Services.
  3. Select 6 - SNMP.
  4. Select 1 - Enable.

Enable SNMP v2c for existing Access Gateway installations

Access Gateway version 2024.2.1 or later: Disable and then enable the SNMP service, and then select SNMP version v2c on each Access Gateway instance in your environment.

  1. Sign in to the Access Gateway Management console.
  2. Select 2 - Services.
  3. Select 6 - SNMP.
  4. Select 1 - Disable SNMP.
  5. Select x to return to the 6 - SNMP menu.
  6. Select 1 - Enable SNMP.
  7. Select x to return to the 6 - SNMP menu.
  8. Select 6 - Configure SNMP.
  9. Select 1 - Enable SNMP v2c. Follow the prompts to change the community strings.

Add a user to SNMP v3

SNMP v3 is the default version available in Access Gateway. This version authenticates users with a username, an authentication password, and an encryption password. Before you can use SNMP v3, you must create a user and the authentication and encryption passwords. You can't change an existing user. Instead, create a new user and delete the old user.

  1. Sign in to the Access Gateway Management console.
  2. Select 2 - Services.
  3. Select 6 - SNMP.
  4. Select 2 - Add user.
  5. Enter the username.
  6. Enter the authentication password, and then reenter it when prompted.
  7. Enter the encryption password, and then reenter it when prompted.

Manage the SNMP service and check its status

  1. Sign in to the Access Gateway Management console.
  2. Select 2 - Services.
  3. Select 6 - SNMP.
  4. Select an option:
    1. Disable SNMP: Disable the SNMP service.
    2. Start SNMP: Start the SNMP service.
    3. Stop SNMP: Stop the SNMP service.
    4. Restart SNMP: Restart the SNMP service.
    5. Check status SNMP: Check the status of the SNMP service.
    6. Configure SNMP: Configure the SNMP service. See Add a user to SNMP v3.
    7. Reset SNMP: Reset the SNMP service. This brings the SNMP service back to its initial state. It deletes all users that you added to SNMP v3, disables SNMP v2c, and restores the original SNMP v2c community string.

Delete a user from SNMP v3

  1. Sign in to the Access Gateway Management console.
  2. Select 2 - Services.
  3. Select 6 - SNMP.
  4. Select 3 - Delete a user.
  5. Enter the username.
  6. Enter delete to confirm.
  7. Press Enter.

Switch to SNMP v2c for new Access Gateway installations

For new Access Gateway installations, SNMP v3 is the default version. You can switch to SNMP v2c if you've been using this version and haven't set up authentication credentials in SNMP v3 yet. This version authenticates users with a community string. You can obtain your community string from Okta Support.

  1. Sign in to the Access Gateway Management console.
  2. Select 2 - Services.
  3. Select 6 - SNMP.
  4. Select 6 - Configure SNMP.
  5. Select 1 - Enable SNMP v2c. Follow the prompts to change the community strings.

Change the SNMP v2c community string

  1. Sign in to the Access Gateway Management console.
  2. Select 2 - Services.
  3. Select 6 - SNMP.
  4. Select 6 - Configure SNMP.
  5. Select 4 - Change v2c community string. This option is only visible when you've enabled SNMP v2c.
  6. Enter the community string, and then reenter it when prompted.
  7. Press Enter.

Install the SNMP monitoring package for legacy Access Gateway versions

The Okta SNMP monitoring package isn't installed by default in versions 2020.03.3 and earlier.

  1. Sign in to the Access Gateway Management console.
  2. Enter 5 - System.
  3. Enter 2 - Install.
  4. Enter the package name okta-monitoring-snmp.
  5. When prompted, enter y to install the package or N to end the installation.

SNMP test tools

There are multiple tools for testing SNMP functionality on various operating systems. The following sections cover popular operating systems.

Microsoft Windows

On Windows operating systems, you can use an open-source tool called net-snmp. Follow these instructions to install net-snmp and test SNMP polling to the Access Gateway appliance:

  1. Download net-snmp and install it onto your machine.
  2. Copy an snmpwalk command from the sample test commands, paste it into a command prompt, and then execute it.

Linux (Debian-based)

On a Linux-based operating system, you can install an SNMP package to achieve the same results. Follow these instructions for Debian systems:

  1. Install snmpd. For systems with apt-get, enter this command: sudo apt-get install snmpd
  2. Copy an snmpwalk command from the sample test commands, paste it into a terminal, and then execute it.

Sample test commands

Use the snmpwalk command string for the SNMP version that you're using to test SNMP for each individual appliance.

If you're using SNMP v2c, you can obtain your SNMP community string from Okta Support.

Poll these objects, using the SNMP v2 command or the SNMP v3 command listed for each:

  • All available objects
    SNMP v2 command: snmpwalk -O n -v2c -c <AccessGatewayCommunityString> localhost:161 .1
    SNMP v3 command: snmpwalk -O n -v3 -l authPriv -u <username> -a SHA -A "<auth_password>" -x AES -X "<enc_password>" localhost:161 .1
  • System
    SNMP v2 command: snmpwalk -O n -v2c -c <AccessGatewayCommunityString> localhost:161
    SNMP v3 command: snmpwalk -O n -v3 -l authPriv -u <username> -a SHA -A "<auth_password>" -x AES -X "<enc_password>" localhost:161
  • Disk
    SNMP v2 command: snmpwalk -O n -v2c -c <AccessGatewayCommunityString> localhost:161 .1.3.6.1.4.1.2021.9
    SNMP v3 command: snmpwalk -O n -v3 -l authPriv -u <username> -a SHA -A "<auth_password>" -x AES -X "<enc_password>" localhost:161 .1.3.6.1.4.1.2021.9
  • Network stats
    SNMP v2 command: snmpwalk -O n -v2c -c <AccessGatewayCommunityString> localhost:161 .1.3.6.1.2.1.31.1
    SNMP v3 command: snmpwalk -O n -v3 -l authPriv -u <username> -a SHA -A "<auth_password>" -x AES -X "<enc_password>" localhost:161 .1.3.6.1.2.1.31.1
  • Load
    SNMP v2 command: snmpwalk -O n -v2c -c <AccessGatewayCommunityString> localhost:161 .1.3.6.1.4.1.2021.10
    SNMP v3 command: snmpwalk -O n -v3 -l authPriv -u <username> -a SHA -A "<auth_password>" -x AES -X "<enc_password>" localhost:161 .1.3.6.1.4.1.2021.10
  • Memory
    SNMP v2 command: snmpwalk -O n -v2c -c <AccessGatewayCommunityString> localhost:161 .1.3.6.1.4.1.2021.4
    SNMP v3 command: snmpwalk -O n -v3 -l authPriv -u <username> -a SHA -A "<auth_password>" -x AES -X "<enc_password>" localhost:161 .1.3.6.1.4.1.2021.4
  • Session cache logwatch
    SNMP v2 command: snmpwalk -O n -v2c -c <AccessGatewayCommunityString> localhost:161 .1.3.6.1.4.1.2021.16.2
    SNMP v3 command: snmpwalk -O n -v3 -l authPriv -u <username> -a SHA -A "<auth_password>" -x AES -X "<enc_password>" localhost:161 .1.3.6.1.4.1.2021.16.2
  • Process
    SNMP v2 command: snmpwalk -O n -v2c -c <AccessGatewayCommunityString> localhost:161 .1.3.6.1.4.1.2021.2
    SNMP v3 command: snmpwalk -O n -v3 -l authPriv -u <username> -a SHA -A "<auth_password>" -x AES -X "<enc_password>" localhost:161 .1.3.6.1.4.1.2021.2
  • Watch
    SNMP v2 command: snmpwalk -O n -v2c -c <AccessGatewayCommunityString> localhost:161 1.3.6.1.4.1.2021.2.1 | grep ".2 "
    SNMP v3 command: snmpwalk -O n -v3 -l authPriv -u <username> -a SHA -A "<auth_password>" -x AES -X "<enc_password>" localhost:161 1.3.6.1.4.1.2021.2.1 | grep ".2 "
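
The SNMP v3 commands above pass the authentication and encryption passwords as command-line arguments, where they can end up in shell history and process listings. The following added example (not part of the Okta documentation) supplies the same settings through a mode-600 snmp.conf selected with net-snmp's SNMPCONFPATH variable, then walks the Disk, Network stats, Load, Memory and Process subtrees and reports any that return no objects. The function names, the poll.sh file name and the SNMP_* environment variable names are assumptions of this example.

```shell
#!/bin/sh
# Added example, not Okta's code. Assumes net-snmp's snmpwalk; the SNMP_USER,
# SNMP_AUTH_PASS and SNMP_ENC_PASS variable names are hypothetical.

# Subtrees from the sample commands: disk, network stats, load, memory, process.
AG_OIDS=".1.3.6.1.4.1.2021.9 .1.3.6.1.2.1.31.1 .1.3.6.1.4.1.2021.10 .1.3.6.1.4.1.2021.4 .1.3.6.1.4.1.2021.2"

# write_snmp_conf DIR USER AUTH_PASS ENC_PASS
# Writes DIR/snmp.conf (mode 600) with the settings the page passes as
# -v3 -l authPriv -u -a SHA -A -x AES -X. Assumes passphrases without whitespace.
write_snmp_conf() {
    ( umask 077
      mkdir -p "$1" &&
      printf '%s\n' \
          "defVersion 3" \
          "defSecurityLevel authPriv" \
          "defSecurityName $2" \
          "defAuthType SHA" \
          "defAuthPassphrase $3" \
          "defPrivType AES" \
          "defPrivPassphrase $4" > "$1/snmp.conf" &&
      chmod 600 "$1/snmp.conf" )
}

# count_oids PREFIX: reads `snmpwalk -O n` output on stdin and prints the number
# of varbinds below PREFIX. Timeouts and "No Such Object" replies count as 0.
count_oids() {
    awk -v p="$1" 'index($1, p ".") == 1 && $2 == "=" { n++ } END { print n + 0 }'
}

# poll_appliance CONF_DIR [HOST:PORT]: walks each subtree, prints a count per
# subtree, and returns non-zero if any subtree came back empty.
poll_appliance() {
    failed=0
    for oid in $AG_OIDS; do
        n=$(SNMPCONFPATH="$1" snmpwalk -O n "${2:-localhost:161}" "$oid" 2>/dev/null | count_oids "$oid")
        echo "$oid: $n objects"
        [ "$n" -gt 0 ] || failed=1
    done
    return "$failed"
}

# Usage: SNMP_USER=... SNMP_AUTH_PASS=... SNMP_ENC_PASS=... sh poll.sh poll
if [ "${1:-}" = "poll" ]; then
    dir=$(mktemp -d) && trap 'rm -rf "$dir"' EXIT
    write_snmp_conf "$dir" "$SNMP_USER" "$SNMP_AUTH_PASS" "$SNMP_ENC_PASS" && poll_appliance "$dir"
fi
```
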

After verifying that SNMP is functioning properly, you can configure the network management system (NMS) to poll the Access Gateway appliance. Consult your NMS documentation for configuration steps to add a new managed device.