PIX Firewall SNMP Support
Feb 08, 2010 00:00 by alperen

The PIX Firewall, like its router and switch cousins, is considered an SNMP agent or SNMP server that collects data in MIB form. The management station is often a UNIX or Windows network host running the SNMP program that receives and processes the SNMP MIB data. This program could be a network management program, such as CiscoWorks or HP OpenView, a tool like Fluke Networks OptiView, or one of many network mapping and analysis programs, such as Nmap or Ethereal. Figure 20-1 shows an example of an SNMP management station on the internal network. The security policy and scope of the management station might dictate whether the DMZ servers and the perimeter router would report to the station.

Figure 20-1: SNMP management station in the inside network

Access to PIX Firewall MIBs depends on the configuration, on MIB support, and on authentication by community string. By default, the PIX Firewall is configured to allow polling from all configured SNMP management hosts on the inside interface. Unsuccessful polling attempts, except for failed community string authentication, aren’t logged or otherwise reported.

Use the snmp-server command to identify location, management station, community string, and contact information for the PIX Firewall.
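
As an added example (not part of the original article and not Cisco tooling), the Python script below audits the snmp-server lines of a saved PIX configuration for the access controls discussed above: which interface each management host sits on, whether it is limited to polling or traps, and whether the community string is a well-known value. The sample configuration is constructed and `audit_snmp` is a hypothetical helper; it assumes the PIX 6.x form `snmp-server host [if_name] ip_addr [trap | poll]`, with `inside` as the default interface and `public` as the default community.

```python
import re

# Constructed sample of PIX "snmp-server" lines (not taken from a real device).
SAMPLE_CONFIG = """\
snmp-server host inside 10.1.1.50
snmp-server host outside 192.0.2.10 poll
snmp-server host inside 10.1.1.51 trap
snmp-server location Rack 4, Server Room
snmp-server contact netops
snmp-server community public
snmp-server enable traps
"""

# Assumed PIX 6.x form: snmp-server host [if_name] ip_addr [trap | poll]
HOST_RE = re.compile(
    r"^snmp-server host (?:(?P<ifname>[A-Za-z]\S*) )?"
    r"(?P<ip>\d{1,3}(?:\.\d{1,3}){3})(?: (?P<mode>trap|poll))?$"
)
WEAK_COMMUNITIES = {"public", "private"}


def audit_snmp(config):
    """Return (line, finding) pairs for risky snmp-server settings."""
    findings = []
    community = None
    for raw in config.splitlines():
        line = raw.strip()
        m = HOST_RE.match(line)
        if m:
            ifname = m.group("ifname") or "inside"  # assumed default interface
            if ifname != "inside":
                findings.append((line, f"management host on '{ifname}' interface"))
            if m.group("mode") is None:
                findings.append((line, "no trap/poll keyword: host may poll and receive traps"))
        elif line.startswith("snmp-server community "):
            community = line.split(" ", 2)[2]
            if community.lower() in WEAK_COMMUNITIES:
                findings.append((line, "well-known community string"))
    if community is None:
        findings.append(("(no snmp-server community line)", "community string left at default"))
    return findings


if __name__ == "__main__":
    for line, finding in audit_snmp(SAMPLE_CONFIG):
        print(f"{finding}: {line}")
```

Because unsuccessful polls other than community-string failures are not logged, a configuration review of this kind is one of the few ways to see who is permitted to poll the firewall.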