Opening the SNMP port 161 does not work

Hi,

I want to monitor my Windows system using SNMP, from a local Linux VM, using a bridged network. When I disable the Windows (CIS) firewall, it works.

Here is a log entry from the firewall when it is enabled (I have cut off the time and OS):
Source Destination
Blocked In UDP 192.168.1.201 32884 192.168.1.111 161

I defined two global rules and moved them to the top:
Action: Allow
Protocol: UDP
Direction: In
Description: SNMP in
Source Address: (IPv4 Single Address) 192.168.1.201
Destination Address: (IPv4 Single Address) 192.168.1.111
Source Port: Any
Destination Port: (A Single Port) 161

Action: Allow
Protocol: UDP
Direction: Out
Description: SNMP out
Source Address: (IPv4 Single Address) 192.168.1.111
Destination Address: (IPv4 Single Address) 192.168.1.201
Source Port: (A Single Port) 161
Destination Port: Any

I have also added the snmp.exe (Service) as a trusted application (after it did not work already).

What am I doing wrong?
Can I provide more information? Maybe upload a log or so?
I have the same issue with port 5666 (Nagios Client).

Do the Firewall logs provide us with a clue here? Can you post a screenshot of them?

Can you also post a screenshot of your Global Rules?

Hi,
sorry for the late reply. I was gone for a while.

Still not working. The hint in the log is probably “Windows Operating System”. I am not a networker but netstat shows that no UDP ports are actively listening. Is that why CIS blocks the port, because it does not listen?

What is the IP address of your Linux installation in vm?

I hope you don’t mind me bumping this thread, but it’s very environmentally friendly not to use new digital paper but to write on the old one ( ;D ;D ;D).

My situation is exactly the above. Same FW rules in/out (in global rules, on top), nothing in the FW logs, and also no SNMP data sent to my server. All clients Windows 7 Pro, CIS 8.4.

However: when I disable CIS I immediately have the box as ‘online’ in my SNMP server (Observium).

Also, on my other laptop, I removed CIS and only have Windows Firewall: that also works.

So it is something in CIS that seems to block the communication, but I have no clue what.

(double checked ports: it’s destination UDP 161 (= client), source ANY (server), the return rule is the reverse: source UDP161 (client), destination any (server)).

Also, if I put two more ALLOW ALL global rules on top, it also doesn’t work (so: source LANPC, destination OSERVER, source/dest ports ALL ALL, and the reverse rule too: SOURCE OSERVER, destination LANPC, source/dest ports ALL ALL).

Would anybody have a clue?

Thank you in advance :-*

For future generations: ping was blocked, and that comes before UDP161.
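
The last post reports that ping was blocked and that it comes before UDP 161. The script below is an added example, not part of the thread: run from the monitoring host, it tests the two steps separately, an ICMP echo and an SNMPv1 GetRequest for sysDescr.0. The community string `public`, SNMPv1 and the Linux `ping` flags are assumptions.

```python
import socket
import subprocess

SYS_DESCR = (1, 3, 6, 1, 2, 1, 1, 1, 0)  # sysDescr.0

def tlv(tag, payload):
    """BER tag-length-value; short-form length suffices for this small probe."""
    assert len(payload) < 128
    return bytes([tag, len(payload)]) + payload

def build_get(community=b"public", oid=SYS_DESCR, request_id=1):
    """Encode an SNMPv1 GetRequest for one OID (community is an assumed value)."""
    oid_body = bytes([oid[0] * 40 + oid[1]]) + bytes(oid[2:])  # sub-ids < 128 only
    varbind = tlv(0x30, tlv(0x06, oid_body) + tlv(0x05, b""))
    pdu = tlv(0xA0, tlv(0x02, bytes([request_id]))   # request-id (0..127 here)
              + tlv(0x02, b"\x00")                   # error-status
              + tlv(0x02, b"\x00")                   # error-index
              + tlv(0x30, varbind))                  # variable bindings
    return tlv(0x30, tlv(0x02, b"\x00") + tlv(0x04, community) + pdu)  # version 0 = v1

def snmp_probe(host, port=161, timeout=2.0):
    """'answered', 'closed' (ICMP port unreachable came back) or 'silent'
    (no reply: dropped by a firewall, lost, or rejected by the agent)."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.connect((host, port))
        try:
            s.send(build_get())
            s.recv(4096)
            return "answered"
        except ConnectionRefusedError:
            return "closed"
        except socket.timeout:
            return "silent"

def icmp_ok(host):
    """One echo request through the system ping (Linux iputils flags assumed)."""
    cmd = ["ping", "-c", "1", "-W", "2", host]
    return subprocess.run(cmd, stdout=subprocess.DEVNULL,
                          stderr=subprocess.DEVNULL).returncode == 0

if __name__ == "__main__":
    target = "192.168.1.111"  # the Windows client from the first post
    print("ICMP echo:", "ok" if icmp_ok(target) else "no reply")
    print("UDP 161  :", snmp_probe(target))
```

If the echo gets no reply while the firewall is enabled but the SNMP probe is answered, the ICMP rule is the one to fix, not the UDP 161 rules.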