SNMP is another application-layer protocol supported by pfSense. SNMP collects and organizes information about managed devices, and is often used to monitor network devices. SNMP-managed networks consist of managed devices, software running on the managed devices (known as agents), and software running on the manager, known as a theĀ network management station (NMS). ManagementĀ data is organized hierarchically in structures known as management information bases (MIBs).
Enabling SNMP in pfSense will allow it to act as a network-management station, and this will enable you to monitor network traffic and flows, pfSense queues, as well as system information (for example, CPU, memory, and disk usage). It is also capable of running traps on managed devices that are triggered by certain events. SNMP is implemented under pfSense with the bsnmpd service.
It contains the most basic MIBs available, but it can be extended by loadable modules:
To activate the SNMP daemon, navigate to Services | SNMP and check the Enable checkbox under the SNMP Daemon section. You can run SNMP without changing any of the defaults, but you should review the options before continuing.
The second section is SNMP Daemon Settings, and the first option under it is the Polling Port edit box. The default port is 161 (the standard port for SNMP), but you can change it if necessary. You can enter an optional System Location and System Contact in the next two edit boxes. In the Read Community String edit box, you can enter a passphrase that will be required by all hosts querying the SNMP daemon. You should enter a strong passphrase here.
The next section is SNMP Traps Enable, under which there is an Enable checkbox for enabling traps. Checking this box reveals the SNMP Trap Settings section with several trap options. In the Trap server edit box, you should enter the hostname or IP address of the trap server. In the Trap Server Port, you can enter the port where the traps will be received. The default is 162, but if your SNMP trap receiver is on a different port, you can change it here. The SNMP Trap String field is a string that will be sent along with any generated trap.
Under the SNMP Modules section, you can choose which modules to run. The choices are as follows:
- MIBII: This provides information provided in the management information base tree (defined by RFC 1213), which covers networking information and networking interfaces. This module will allow you to query network interface information.
- Netgraph: This module provides some netgraph-related information. Netgraph is a graph-based kernel networking subsystem that is part of FreeBSD.
- PF: This provides information about pfSense, including the rules, states, interface information, and tables.
- Host Resources: A module that provides additional information from the MIB tree (for example, system uptime and the amount of physical memory).
- UCD: A module that implements parts of the UCD-SNMP-MIB toolkit. It allows you to get memory, load average, and CPU usage, among other things.
- Regex: A module that produces counters from logs or other text files.
The last section on the page, Interface Binding, has only one option, the Interface Binding drop-down box, which determines the interfaces on which the SNMP daemon is listening. The default is All, but you can select a single interface on which to listen (or localhost). Selecting multiple interfaces without using the All option is not supported. When you are done making changes, click on the Save button at the bottom of the page.