For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

_KT_'s avatar
_KT_
Icon for Nimbostratus rankNimbostratus
May 11, 2018

Restricting SNMP access to LTM (especially use of "sys snmp agent-addresses")

I am wondering about restricting SNMP access to an LTM. I want to understand how the following two commands should be used: modify sys snmp agent-addresses modify sys snmp allowed-addresses ...
application delivery
LTM
TMSH
Chris_Grant's avatar
Chris_Grant
Icon for Employee rankEmployee
May 16, 2018

You can read about restricting SNMP access here:

 

https://support.f5.com/csp/article/K13535

 

agentaddress <- This is the address that the BigIP is listening for requests on. By default, it's all addresses. So as long as you had the proper port open, you could query for SNMPD data on management or on your self IPs. You could use this to limit access to only your management IP. Read more here: http://www.net-snmp.org/docs/man/snmpd.conf.html

 

So agentaddress specifies the address that's being listened on, while the other is remote addresses that are allowed to access. So you may be listening on your management address only (agentaddress), but you may only allow your SNMP system to actually query that address.