Configuring System-Level SNMP Traps

The system-level trap configuration is always used for alerts that affect Security Admins. It is also used for group-level alerts if no specific group-level configuration exists in Cryptographic Security Platform Vault.

1. Log into the Cryptographic Security Platform Vault Management webGUI using an account with Security Admin privileges.
2. In the top right, click the Switch to Appliance Management link.
3. In the top menu bar, click Settings.
4. In the System Settings section, click SNMP Settings.

5. On the SNMP Settings page, specify the options you want to use.

   Options

   Field	SNMP Version	Description
   Enabled	All	Select True if you want Cryptographic Security Platform Vault to use this SNMP configuration.
   Server	All	The hostname or IP address of the SNMP server.
   Port	All	The SNMP port number. The default SNMP port is 162.
   Version	All	The SNMP version. Cryptographic Security Platform Vault supports version 2c and version 3. Note: The rest of the fields displayed in page depend upon the selected version.
   Community	2c	Specify the community string for your SNMP server.
   User	3	The user ID that should be associated with the trap.
   Notification Type	3	This can be: Inform—Cryptographic Security Platform Vault sends the SNMP trap and expects an acknowledgment that the trap was received in return. Trap—Cryptographic Security Platform Vault sends the SNMP trap but does not expect an acknowledgment.
   Engine ID Type	3	Choose the engine ID type from the following options: Custom Engine ID—Choose this option if an SNMP engine ID is already configured in the SNMP Manager. This allows users to configure the same engine ID in the engine ID field. Cryptographic Security Platform Vault will send the traps with the supplied engine. System Generated Engine ID—Choose this option if the SNMP Manager expects to receive the engine ID from the Cryptographic Security Platform Vault. The Engine ID field will be automatically filled with a system generated engine ID that cannot be edited. Updating the system generated engine ID may take a few minutes. Note: This field is only visible if the Notification Type is Trap.
   Engine ID	3	If the Notification Type is Trap, enter the SNMP engine ID assigned to the SNMP manager. You can enter between 10 and 64 hexadecimal characters.
   Security Level	3	This can be: No Authentication, No Privacy — Cryptographic Security Platform Vault sends the messages in plain text and no authentication is done by the SNMP server. With Authentication, No Privacy — Cryptographic Security Platform Vault sends the message in plain text but the SNMP server authenticates the message before logging it. With Authentication, With Privacy — Cryptographic Security Platform Vault encrypts the message before sending it and the SNMP server authenticates the message before logging it. For encryption, Cryptographic Security Platform Vault supports AES (Advanced Encryption Standard) or DES (Data Encryption Standard).
   Authentication Protocol	3	The type of authentication to use with the SNMP server if one of the authentication options is selected in the Security Level field. Cryptographic Security Platform Vault supports MD5 and SHA (Secure Hash Algorithm).
   Authentication Key	3	The authentication key that Cryptographic Security Platform Vault should send to the SNMP manager if one of the authentication options is selected in the Security Level field. If you want to view the key in plain text, click the eye icon.
   Privacy Protocol	3	The privacy protocol to use if With Authentication, With Privacy is selected in the Security Level field. This can be AES or DES.
   Privacy Key	3	The privacy key to use if With Authentication, With Privacy is selected in the Security Level field. If you want to view the key in plain text, click the eye icon.
   Agent Port	All	The port to use for all SNMP Agent Users. The default is port 161.

6. When you are finished, click Apply.

7. If you want to test the configuration, click Test SNMP Settings.

   Note: The SNMP trap must be enabled and you must apply the settings before you can test the configuration.

8. If you want to download the MIB file, click Download MIB File.