I want to monitor my Windows system using SNMP, from a local Linux VM, using a bridged network. When I disable the Windows (CIS) firewall, it works.
Here is a log entry from the firewall when it is enabled (I have cut off the time and OS):
Blocked In UDP 192.168.1.201 32884 192.168.1.111 161
I defined two global rules and moved them to the top:
Description: SNMP in
Source Address: (IPv4 Single Address) 192.168.1.201
Destination Address: (IPv4 Single Address) 192.168.1.111
Source Port: Any
Destination Port: (A Single Port) 161
Description: SNMP out
Source Address: (IPv4 Single Address) 192.168.1.111
Destination Address: (IPv4 Single Address) 192.168.1.201
Source Port: (A Single Port) 161
Destination Port: Any
I have also added snmp.exe (Service) as a trusted application (after it already did not work).
What am I doing wrong?
Can I provide more information? Maybe upload a log or so?
I have the same issue with port 5666 (Nagios Client).
Sorry for the late reply. I was gone for a while.
Still not working. The hint in the log is probably “Windows Operating System”. I am not a networker, but netstat shows that no UDP ports are actively listening. Is that why CIS blocks the port, because it does not listen?
I hope you don’t mind me bumping this thread, but it’s very environmentally friendly not to use new digital paper but to write on the old one ( ;D ;D ;D).
My situation is exactly the above. Same FW rules in/out (in global rules, on top), nothing in the FW logs, and also no SNMP data sent to my server. All clients Windows 7 Pro, CIS 8.4.
However: when I disable CIS I immediately have the box as ‘online’ in my SNMP server (Observium).
Also, on my other laptop, I removed CIS and only have Windows Firewall: that also works.
So it is something in CIS that seems to block the communication, but I have no clue what.
(Double-checked ports: it’s destination UDP 161 (= client), source ANY (server); the return rule is the reverse: source UDP 161 (client), destination any (server).)
Also, if I put two more ALLOW ALL global rules on top, it also doesn’t work (so: source LANPC, destination OSERVER, source/dest ports ALL ALL, and the reverse rule too: SOURCE OSERVER, destination LANPC, source/dest ports ALL ALL).