SNMP security is combined with WebAdmin Security

On implementation of SNMP with Zabbix we hit a strange problem on 2 of the 20 devices of a customer (all Balance models 30 to 580)

All devices are PEPVPN connected to the central HUB, so all is routable. We enabled SNMP on the devices with subnet filter and community string. On 18 devices it worked straight after config.

On 2 devices we were unable to snmpwalk on the devices and at first we did not find a reason for it.
After some searching and trying, we noticed a sligth difference in config of the “SYSTEM >> Admin Security

The 2 devices were configed with “LAN Connection Access Settings” set on “Allow this network only
And a local site network chosen. After changing the setting to “Any” the SNMPwalk was possible.

This setting has direct effect on the SNMP settings. In some way you could say this is by design.
But we were connecting trough a PEPVPN the IP address of the chosen Interface (local network)
So it is source IP filtered I think, and not by incomming interface.

The question is, is this behaviour by design or is this a bug, should this be independ settings?

1 Like

Can you share the device model, hardware revision and firmware version of the 2 affected devices?

1 Like

Number 1: Peplink Balance 30 LTE - 8.0.0 build 3623 (BPL-031-LTE-E) Hardware Revision 1
Number 2: Peplink Balance 580 - 8.0.0 build 2636 (BPL-580) Hardware Revision 3

This is a bug and we have filed this. For the time being, please set LAN Connection Access Settings to Any.

Thanks for reporting this!

1 Like

Hello,
This bug is interesting because it would be nice to have the option to select “Allowed Source IP Subnets” for PepVPN Peers and for SNMPv3 managment hosts polling the Peplink.
Can we have that please?

Regards
Dana

1 Like

This is possible in firmware 8.0.1 (currently in beta) with a new feature, “Local Service Firewall Rule”.

1 Like