In Juniper SRX cluster firewalls, we have always managed to poll the SNMP information thru the management port. In ourcluster, we have interface fxp0 as the management interface. Basic SNMP configuration can be easily found from Juniper support site. Below is a simple configuration.
# Basic SNMP information
set snmp location "JUNIPER-SRX240"
set snmp contact "IT ServiceDesk ([email protected])"
# SNMP read-only communitiy with restricted source network
set snmp community public authorization read-only
set snmp community public clients 10.10.10.0/24
set snmp community public clients 0.0.0.0/0 restrict
# SNMP read-write communitiy with restricted source network
set snmp community private authorization read-write
set snmp community private clients 10.10.10.0/24
set snmp community private clients 0.0.0.0/0 restrict
# Enable SNMP Access on the interface other than the management port
set security zones security-zone trust host-inbound-traffic system-services snmp
# (Optional) For SNMP Debugging - use "show log snmptrace"
set snmp traceoptions file snmptrace
set snmp traceoptions flag all
This configuration works for normal cluster setup with management port (fxp0). However, our setup uses several routing instances and SNMP polling on these interfaces will not work directly. It took me awhile to understand that SNMP polling on interfaces members of routing instances requires a different approach based on this Juniper support link.
Below configuration snippet to allows SNMP polling on the "trust" routing-instance from 10.10.10.0/24 subnet.
set snmp community trust routing-instance LAN clients 10.10.10.0/24
set snmp routing-instance-access
When SNMP is polled from the interface in the routing instance, we need to combine the routing instance name and community string. In this scenario, the SNMP string is "trust@public". Below is the result on polling SNMP on the trust interface with IP 10.20.20.1
# snmpwalk -v 2c -c trust@public 10.20.20.1 sysUpTime.0
DISMAN-EVENT-MIB::sysUpTimeInstance = Timeticks: (1512039870) 175 days, 0:06:38.70