SNMP Agent\Client on Firewalla Gold Plus - What I did that worked.
Here's what I did to get SNMP working permanently on my Firewalla Gold Plus. All of this information is available via a combo of Firewalla documentation and Google. I've just put it all together here. Hope it's useful to others. Caveat Emptor.
How to Install and Configure SNMP on Firewalla
1. Connect to your Firewalla console via SSH using the “pi” account:
- Get the password for the “pi” account via your Apple or Android Firewalla app:
* Open your Firewalla app and click the gear icon in the upper right
* Select “Advanced”
* Select “Configurations”
* Select “SSH Console”
* Tap "Password"
* Select “Reveal Password” when it pops up at the bottom of the screen
- Open a terminal\shell on whatever platform you use and open an SSH connection to your Firewalla. I use Ubuntu and have an internal DNS so I use the first command below:
Note: Change the <HOSTNAME> and the <YOURDOMAIN> to your specific host name and domain name e.g. pi@firewalla.rulz.com - OR you can use *your* Firewalla IP address like this pi@192.168.0.1
ssh pi@<HOSTNAME>.<YOURDOMAIN.COM>
OR
ssh pi@192.168.0.1
2. Once connected via SSH, install SNMP on your Firewalla:
Note: Firewalla wants you to know an important piece of information before you take the next step and install SNMP. Here's what they say.
"WARNING!
Firewalla uses a specific package set, and have dedicated customizations.
We do pay attention to those security updates but don't have the resource to
test every update. Upgrading packages here will much likely break things.
If you know what you are doing and wish to continue, use 'unalias apt'
and 'unalias apt-get' to hide this message."
Ok, if you know what you're doing then enter the following commands to unalias "apt" and "apt-get" for this initial install of SNMP on your Firewalla.
unalias apt
unalias apt-get
sudo apt-get update
sudo apt-get -y install snmpd
3. Open the “snmpd.conf” file which was just created in /etc/snmp/ when we installed SNMP. I use nano to edit, but you can use vi or another text editor.
sudo nano /etc/snmp/snmpd.conf
4. Add or edit the following lines in /etc/snmp/snmpd.conf :
Note:
Your ‘agentAddress’ is an internal/LAN facing IP address (recommended) on your Firewalla and it will communicate using udp on port 161. You don't have to do it this way, it's just the way I did it.
Your rocommunity <YOUR_COMMUNITY> is whatever you’ve chosen to use as your SNMP Read Only Community name. The IP address following <YOUR_COMMUNITY> is the specific IP address for *your* SNMP management server.
agentAddress udp:192.168.0.1:161
rocommunity <YOUR_COMMUNITY> 192.168.0.2
5. From nano or vi, save the changes you just made to “/etc/snmp/snmpd.conf”
6. Restart the snmpd service like this:
sudo service snmpd restart
7. Copy “/etc/snmp/snmpd.conf” TO “/home/pi/.firewalla/config/post_main.d/”
Note: You’re copying “snmpd.conf” to this directory so that the script you create in step 8 below can copy it BACK to "/etc/snmp/" after a Firewalla service restart, system reboot, or after an official Firewalla automatic software update. More on this in step 8 below.
sudo cp /etc/snmp/snmpd.conf /home/pi/.firewalla/config/post_main.d/snmpd.conf
8. Enabling Customized Scripts on your Firewalla Gold/Purple
You can add scripts to your Firewalla Gold/Purple that will be automatically executed when your Firewalla service restarts, your system reboots, or after an automatic software update.
These scripts are stored in this directory: /home/pi/.firewalla/config/post_main.d/
You can create the directory if it does not exist, like this:
sudo mkdir /home/pi/.firewalla/config/post_main.d/
cd /home/pi/.firewalla/config/post_main.d/
sudo chmod +wr .
Any files in this new directory that end with ".sh" will be executed when your Firewalla boots.
Now, let’s create a script that we will use to re-install SNMP and your SNMP configuration. We're doing this because Firewalla issued updates\upgrades may overwrite or delete your SNMP installation and configuration. The script will also move a copy of our saved “snmpd.conf” file (the one we made in steps 3 through 5) BACK into the /etc/snmp/ directory:
sudo touch /home/pi/.firewalla/config/post_main.d/snmpGO.sh
sudo chmod +x /home/pi/.firewalla/config/post_main.d/snmpGO.sh
Next, we’re going to edit the script “snmpGO.sh” that we just created:
sudo nano /home/pi/.firewalla/config/post_main.d/snmpGO.sh
Add the following lines to your new snmpGO.sh script:
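#!/bin/bash
# Remove Firewalla's warning aliases for apt and apt-get (same as step 2)
unalias apt
unalias apt-get
# Re-install snmpd in case an update removed it
sudo apt-get update
sudo apt-get -y install snmpd
# Restore the saved configuration from step 7 and restart the agent
sudo rm /etc/snmp/snmpd.conf
sudo cp /home/pi/.firewalla/config/post_main.d/snmpd.conf /etc/snmp/snmpd.conf
sudo service snmpd restart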
Note: If you make periodic changes to your "snmpd.conf" file (e.g. adding a new SNMP management server, IP changes, Community name changes, etc.) I would recommend making changes to the file here first: "/home/pi/.firewalla/config/post_main.d/snmpd.conf" and then copying it to "/etc/snmp/snmpd.conf" That way you will always have the most up to date version of your snmpd.conf available after a Firewalla system update or restart.
Save the file, and you’re done configuring your Firewalla!
The very last step is to add your Firewalla to whatever SNMP manager you’re using and see if it works. Once you get it working try rebooting your Firewalla to make sure that SNMP is still working and reporting to your SNMP manager. It should be. If not, then you or I have made a typo somewhere in the steps above. Good luck!
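A sanity check for the snmpd.conf from step 4, added here as an example and not part of the original post: it flags an agentAddress that is not pinned to one address, well-known or unrestricted communities, any rwcommunity line, and a manager IP that no rocommunity line names. The function name and the EXAMPLE_COMMUNITY placeholder are assumptions; sources are compared by exact IP only, so hostnames and subnets are not evaluated.

```shell
#!/bin/bash
# Added example (not from the original post): audit snmpd.conf read from stdin.
# $1 = IP of your SNMP manager. Prints findings; exit status 0 only if clean.
audit_snmpd_conf() (
    manager_ip="$1"; findings=0; manager_ok=0
    warn() { echo "WARN $*"; findings=$((findings + 1)); }
    while read -r directive a1 a2 rest || [ -n "$directive" ]; do
        # net-snmp matches directive names case-insensitively
        case "$(printf '%s' "$directive" | tr 'A-Z' 'a-z')" in
        agentaddress)
            # Only the first listed udp endpoint is checked (assumption)
            addr="${a1#udp:}"; addr="${addr%%,*}"
            case "$addr" in
            0.0.0.0*) warn "agentAddress '$a1' listens on every interface" ;;
            *[!0-9]*) ;;   # pinned to a specific address, as in step 4
            *) warn "agentAddress '$a1' has no address: every interface" ;;
            esac ;;
        rocommunity|rocommunity6)
            case "$a1" in public|private) warn "well-known community '$a1'" ;; esac
            case "$a2" in ''|default) warn "rocommunity accepts any source" ;; esac
            if [ "$a2" = "$manager_ip" ]; then manager_ok=1; fi ;;
        rwcommunity|rwcommunity6)
            warn "rwcommunity grants write access; step 4 only needs read-only" ;;
        esac
    done
    [ "$manager_ok" -eq 1 ] || warn "no rocommunity line names $manager_ip as source"
    [ "$findings" -eq 0 ]
)

# Constructed sample: the two step-4 lines, with a placeholder community string.
audit_snmpd_conf 192.168.0.2 <<'EOF'
agentAddress udp:192.168.0.1:161
rocommunity EXAMPLE_COMMUNITY 192.168.0.2
EOF
```

Run it against both copies, for example `audit_snmpd_conf 192.168.0.2 < /etc/snmp/snmpd.conf` and the saved file in post_main.d, since the saved copy is what gets restored after an update.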
-
When trying to add the firewall box to Observium using the ./add_device command, I keep getting:
No reply on given community *** using v2c.
Could not reach 192.168.XX.XX with given SNMP parameters using v2c.
Devices failed: 1.
Followed the above instructions, it’s not difficult to install and configure.
Did you follow the Observium installation from the website? I installed onto a Proxmox virtual machine. The web interface is up and running, but again I can’t add Firewalla.
Thanks for any advice.
Andy
-
Hi Andy,
Try toggling the “icmp echo check” setting right there when you’re setting up the new device in Observium. On my phone/remote right now or I’d send you a screenshot. Let me know how it goes.
Edit: To answer your questions directly.
1. Yes, I did follow the instructions on the Observium CE site and have been running and successfully upgrading it for about 6 years. Lots of customizations.
2. As for adding devices, I add all my devices through the web interface using the Devices\Add Device menu. I host a DNS on my network, have an internal domain (e.g. mydomain.com) and use fully qualified domain names, as opposed to IPs, when adding devices to Observium. A typical device add on my setup looks like this:
If you're entering similar information into your "Add Device" dialog and are still not able to add your Firewalla or other devices, we can dig a little deeper into how you're doing name resolution and also take a look at how or if you have your search domain set up.