We use cookies on our website to ensure we provide you with the best experience on our website. By using our website, you agree to the use of cookies for analytics and personalized content.This website uses cookies. More Information
It seems like your browser didn't download the required fonts. Please revise your security settings and try again.
Barracuda Web Application Firewall

SNMP Configuration

  • Last updated on

Simple Network Management Protocol (SNMP) is an internet standard protocol that provides a method of managing network devices such as servers, workstations, routers, hubs and bridges from a centrally located host running network management software. The SNMP versions supported by the Barracuda Web Application Firewall are: SNMP v2c, and SNMP v3.

A standard SNMP implementation includes three key components:

  • SNMP Manager – software which runs on a management system and makes SNMP queries to a device. This managing system is called as Network Management System (NMS).
  • SNMP Agent – software which runs on the managed device that maintains data for the device and responds to the SNMP queries/requests.
  • Management Information Base (MIB) – a virtual repository for network management information that consist a set of managed objects. These objects are organized in a hierarchical tree structure. Each object within the MIB tree has a unique object ID (OID), written as a series of integers.

The SNMP agent contains MIB variables, and the values of these variables can be requested by the SNMP manager through Get operations.


SNMP_req_and_resp_1-01.png

SNMP Configuration on the Barracuda Web Application Firewall

Before the Barracuda Web Application Firewall can be managed remotely by the system running SNMP Manager, perform the following tasks:

  • Configure the SNMP Agent
  • Download the MIB files to your remote manager system. Refer to the Downloading SNMP MIB Files section below.

Once the above tasks are performed, you can execute the SNMP commands on the network management system to manage the Barracuda Web Application Firewall.

Configuring the SNMP Agent

To configure the SNMP agent on the Barracuda Web Application Firewall, perform the following tasks:

  • Configure Client Access to the SNMP Agent
    Configure the Barracuda Web Application Firewall to allow access to the SNMP agent from an SNMP manager system.
  • Configure SNMP Traps
    Specify the destination SNMP manager system for SNMP traps.

Configuring Client Access (SNMP Manager)

The system running the SNMP manager software for remotely monitoring the Barracuda Web Application Firewall is referred as an SNMP client. The Barracuda Web Application Firewall supports SNMP version v2c and v3. Version v2c and v3 allow SNMP access only from the IP address(es) configured in the Allowed SNMP IP/Range field, and version v3 restricts SNMP access to only password-authenticated users.

To allow client access to the SNMP agent

  1. Go to the BASIC > Administration page.
  2. In the SNMP Manager section, specify values for the following:
    1. Enable SNMP Agent – Set to Yes to allow the Barracuda Web Application Firewall to accept and respond to the SNMP queries.
    2. SNMP Version – Select the SNMP version (v2c or v3) to be used.
      1. v2c - Allows SNMP access only to the IP address(es) configured in the Allowed SNMP IP/Range field.
        1. SNMP Community String - Specify the community string, or password for authenticating SNMP access.
      2. v3 – Encrypts the SNMP traffic and limits access to only password-authenticated users.
        1. User – Enter a name to be used for authenticating SNMP v3 queries.
        2. Password – Enter the password to be used for the specified user.
        3. Authentication Method – Select the authentication method (MD5 or SHA) supported by your SNMP monitor. Note: SHA is more secure method.
        4. Encryption Method – Select the encryption method (DES or AES) supported by your SNMP monitor. Note:  AES is the more secure method.
    3. Allowed SNMP IP/Range – Specify the IP address(es) for which SNMP access needs to be allowed to connect to the Barracuda Web Application Firewall.
  3. Click Save Changes.

Configuring SNMP Traps

Traps are unsolicited notification messages generated by the Barracuda Web Application Firewall and sent to the SNMP manager when significant events occur on the Barracuda Web Application Firewall. These notification messages are sent only to the IP address(es) configured in the Trap Receivers section on the BASIC > Administration page.

The Barracuda Web Application Firewall can generate SNMP alerts for the following events:

 

AlerttempCritical

System temperature exceeded its threshold.

{ bwstraps 3 }

firmwareStorageHigh

Firmware storage exceeds 85%.
{ bwstraps 18 }

logStorageHigh

Log storage exceeds 85%."
{ bwstraps 19 }

raidDegrading

One of the RAID arrays is degrading.

energizeUpdateExpire

Energize Updates subscription is about to expire.

firmwareUpdateAvailable

New Firmware Update is available.

attackDefinitionUpdateAvailable

New Attack Definition is available.

Critical

tempHigh

System temperature is higher than 80C.

systemFailOver

System has failed over.

WarningswitchingToMaintMode

System is in failed state.

ErrorfanDead

One of the System fans is dead."

dataPortLinkDown

Data link is down.

serverDown

Back-end Server is down.

peerDown

Peer is down.

InformationdataPortLinkUp

Peer is up.

serverUp

Back-end Server is up.

peerUp

Peer is up.

switchingToBypassMode

Switching to bypass mode.

Downloading SNMP MIB files

A MIB file contains a set of definitions for each managed object. It defines the data type, accessibility, description, and the current validity of the object. The Barracuda Web Application Firewall provides two MIB files that can be downloaded and imported to your SNMP manager.

To download the MIB files:

  1. Go to the BASIC > Administration page, and click Help.
  2. Scroll down to the SNMP Manager section, click the The Barracuda Web Application Firewall MIB link and save the Barracuda-BWS-MIBS.tar file. 
SNMP Table and Statistics

A SNMP Table is an ordered collection of objects. Each row contains one or more objects and each object in a table is identified using the table index. The Barracuda Web Application Firewall contains 50 object identifiers in the SNMP table.

The following table displays the statistics polled for the SNMP tables:

Stats NameDescriptionOIDExample
bwsHttpProxyStatsTable

Table to show statistics for the HTTP services configured on the Barracuda Web Application Firewall.

1.3.6.1.4.1.20632.8.50.1snmpwalk -v 2c -c public 10.11.31.231 .1.3.6.1.4.1.20632.8.50.1
bwsSslProxyStatsTable

Table to show statistics for the HTTPS services configured on the Barracuda Web Application Firewall.

.1.3.6.1.4.1.20632.8.50.2snmpwalk -v 2c -c public 10.11.31.231 .1.3.6.1.4.1.20632.8.50.2
bwsCompressionStatsTable

Table to show statistics for the HTTP compression feature if its enabled for a given service.

.1.3.6.1.4.1.20632.8.50.3snmpwalk -v 2c -c public 10.11.31.231 .1.3.6.1.4.1.20632.8.50.3
bwsCacheStateTable

Table to show statistics for the HTTP caching feature if its enabled for a given service.

.1.3.6.1.4.1.20632.8.50.4snmpwalk -v 2c -c public 10.11.31.231 .1.3.6.1.4.1.20632.8.50.4
bwsHttpSrvrStatsTable

Table to show statistics for the HTTP server configured for a Virtual IP address.

1.3.6.1.4.1.20632.8.50.5snmpwalk -v 2c -c public 10.11.31.231 .1.3.6.1.4.1.20632.8.50.5
bwsSslSrvrStatsTable

Table to show statistics for the HTTPS server configured for a Virtual IP address.

.1.3.6.1.4.1.20632.8.50.6snmpwalk -v 2c -c public 10.11.31.231 .1.3.6.1.4.1.20632.8.50.6
bwsIpsLrnSrvcStatsTableTable to show profiles created by adaptive profiling and learning. Also, profiles that are updated by responses..1.3.6.1.4.1.20632.8.50.8snmpwalk -v 2c -c public 10.11.31.231 .1.3.6.1.4.1.20632.8.50.8
bwsIpsReqLimitStatsTable

Table to show statistics for the Request Limits feature for a given security policy.

.1.3.6.1.4.1.20632.8.50.9snmpwalk -v 2c -c public 10.11.31.231 .1.3.6.1.4.1.20632.8.50.9
bwsIpsUrlNormStatsTable

Table to show statistics for the URL Normalization feature for a a given security policy.

.1.3.6.1.4.1.20632.8.50.10snmpwalk -v 2c -c public 10.11.31.231 .1.3.6.1.4.1.20632.8.50.10
bwsIpsCookieSecStatsTable

Table to show statistics for the Cookie Security feature for a given security policy.

.1.3.6.1.4.1.20632.8.50.11snmpwalk -v 2c -c public 10.11.31.231 .1.3.6.1.4.1.20632.8.50.11
bwsIpsUrlAclStatsTable

Table to show statistics for the URL ACL feature for a given service.

.1.3.6.1.4.1.20632.8.50.12snmpwalk -v 2c -c public 10.11.31.231 .1.3.6.1.4.1.20632.8.50.12
bwsIpsHdrAclStatsTable

Table to show statistics for the header ACL feature for a given service.

.1.3.6.1.4.1.20632.8.50.13snmpwalk -v 2c -c public 10.11.31.231 .1.3.6.1.4.1.20632.8.50.13
bwsIpsWebAddrTransStatsTable

Table to show web address translation feature for a given service.

.1.3.6.1.4.1.20632.8.50.14snmpwalk -v 2c -c public 10.11.31.231 .1.3.6.1.4.1.20632.8.50.14
bwsIpsAccessCtrlStatsTable

Table to show statistics for the access control feature for a given service.

.1.3.6.1.4.1.20632.8.50.15snmpwalk -v 2c -c public 10.11.31.231 .1.3.6.1.4.1.20632.8.50.15
bwsIpsRCStatsTable

Table to show statistics for the rate control feature for a given service.

.1.3.6.1.4.1.20632.8.50.16snmpwalk -v 2c -c public 10.11.31.231 .1.3.6.1.4.1.20632.8.50.16
bwsIpsUrlPolicyStatsTable

Table to show statistics for the URL policy for a given service.

.1.3.6.1.4.1.20632.8.50.17snmpwalk -v 2c -c public 10.11.31.231 .1.3.6.1.4.1.20632.8.50.17
bwsSMUserSessionTable

Table to show statistics for the SiteMinder authentication scheme for the service that has SiteMinder enabled.

.1.3.6.1.4.1.20632.8.50.18snmpwalk -v 2c -c public 10.11.31.231 .1.3.6.1.4.1.20632.8.50.18
bwsServiceStatusTableTable to show the service IP/Port and status of service OID.1.3.6.1.4.1.20632.8.50.19snmpwalk –v 3c –c public 10.11.31.231 .1.3.6.1.4.1.20632.8.50.19

Using SNMP

Collecting performance data

The types of performance data that can be gathered using SNMP on the Barracuda Web Application Firewall are:

  • Memory use
  • Number of active connections per service
  • Number of HTTP requests per service
  • Number of SSL transactions per service

Each performance data type is associated with one or more SNMP object IDs (OIDs). To gather performance data, specify the OIDs with the appropriate SNMP command.

For example, the following SNMP command collects data on current memory use, where “public” is the community name and 10.11.31.231 is the IP address of the Barracuda Web Application Firewall:

snmpget -c public –v 2c 10.11.31.231 .1.3.6.1.4.1.20632.8.19

For some types of metrics, you can just issue an SNMP command with an OID to get the needed information. Example: Memory use. Whereas, there are some types of metrics where the data collected with SNMP is not useful until a calculation is performed on it to interpret the data.

For example, to determine the throughput rate of client bits coming into the Barracuda Web Application Firewall, you must use the relevant OID

( httpProxyInBytes  (1.3.6.1.4.1.20632.8.50.1.1.14)) to take two polls at a certain interval (such as ten seconds), calculate the delta of the two polls, and then perform the following calculation on that delta value:

( <DeltaStatClientBytesIn>*8 ) / <interval>

 

To calculate polling interval, the interval duration should be minimum of 60 seconds.  The same interval values should be for <interval> in your calculations.

Collecting Data on Memory Use

This section provides information on how to gather data on the number of bytes of memory currently being used on the Barracuda Web Application Firewall.

The following OIDs are required for collecting metrics on memory use:

DescriptionRequired SNMP OIDs

Memory Usage

1.3.6.1.4.1.20632.8.19

freeMem

1.3.6.1.4.1.20632.8.24
totalMem

1.3.6.1.4.1.20632.8.23

Collecting Data on System Status

This section provides information on how to gather data on the number of active connections on the Barracuda Web Application Firewall.

The following OIDs are required for collecting metrics on System Status:

DescriptionRequired SNMP OIDs
Uptime1.3.6.1.4.1.20632.8.22
Systemload1.3.6.1.4.1.20632.8.8
Operational mode1.3.6.1.4.1.20632.8.15
vipStatus1.3.6.1.4.1.20632.8.18
Datapathstatus1.3.6.1.4.1.20632.8.16
highAvailabilityStatus1.3.6.1.4.1.20632.8.14
logStorage1.3.6.1.4.1.20632.8.13
firmwareStorage1.3.6.1.4.1.20632.8.12
currentFirmwareVersion1.3.6.1.4.1.20632.8.25
virusDefUpdates1.3.6.1.4.1.20632.8.26
securityDefUpdates1.3.6.1.4.1.20632.8.27
systemSerialNumber1.3.6.1.4.1.20632.8.28

Collecting Data on System Configuration

This section provides information on how to gather and interpret data on the number of Applications  on the Barracuda Web Application Firewall. We can also gather info on the total servers and their status.

The following OIDs are required for polling data on new connections:

Graph MetricsRequired SNMP OIDs
totalApplications1.3.6.1.4.1.20632.8.2
totalServers1.3.6.1.4.1.20632.8.3
activeServers1.3.6.1.4.1.20632.8.6
activeApplications1.3.6.1.4.1.20632.8.5

Collecting Data on HTTP Requests for a Service

This section provides information on how to gather and interpret data on the number of current HTTP requests on the Barracuda Web Application Firewall for a given service, in terms of requests per minute.

To gather and interpret the data for this metric, you must perform some polling and calculations:            

  1. Use the OID and perform two separate polls, at an interval of your choice.          
  2. Calculate the delta of the two poll values.           
  3. Perform a calculation on the OID delta.

The table below shows the OID that you must poll, retrieving two separate poll values for this OID.

Required OIDs for polling data on HTTP requests:

Graph MetricsRequired SNMP OIDs
HTTP Request rate.1.3.6.1.4.1.20632.8.50.1.1.6

For example, to collect data on HTTP requests for the HTTP Requests graph metric, follow these steps.

  1. Poll OID httpProxyTotalReq (.1.3.6.1.4.1.3375.2.1.1.2.1.56) twice, at a 60-second interval.
    This results in two values, <sysStatHttpRequests1> and <sysStatHttpRequests2>. This OID will retrieve HTTP requests for all HTTP Services.
    If you want to retrieve HTTP requests for a specific Service, then you need to append the IP address in the OID. Example: 1.4.99.99.102.10.80, where 1.4 is the IPv4 version, 99.99.102.10 is the Service IP address and 80 is the port number. 

    The minimum polling frequency for interval is 60 seconds.

  2. Calculate the delta of the two poll values:
    <DeltaHttpProxyRequests> = <httpProxyTotalReq2> - <httpProxyTotalReq1>
  3. Calculate the value of the HTTP Requests graph metric using the calculation shown in the table below, where the value of <interval> is 60.

Required calculations for interpreting metrics on HTTP requests:

Performance Graph

(Configuration utility)

Graph MetricsRequired calculations for HTTP Requests
HTTP RequestsHTTP Requests< DeltaHttpProxyRequests > / <interval>

Collecting Data on SSL Transactions

This section provides information on how to gather and interpret data on SSL performance, in terms of transactions per minute.

To gather and interpret the data for this metric, you must perform some polling and calculations:

  1. Use the OID and perform two separate polls at an interval of your choice.
  2. Calculate the delta of the two poll values.
  3. Perform a calculation on the OID delta.

The table below shows the OID that you must poll, retrieving two separate poll values for this OID.

Required OIDs for polling for data on HTTP requests:

Graph MetricsRequired SNMP OIDs
sslProxyTotalReq.1.3.6.1.4.1.20632.8.50.2.1.18.1.4.99.99.102.24.443

For example, to collect data on HTTP requests for the HTTP Requests graph metric, follow these steps.

  1. Poll OID sslProxyTotalReq (.1.3.6.1.4.1.20632.8.50.2.1.18) twice, at a 60-second interval.
    This results in two values, <sysStatHttpRequests1> and <sysStatHttpRequests2>. This OID will retrieve HTTP requests for all HTTP Services. If you want to retrieve HTTP requests for a specific Service, then you need to append the IP address in the OID. Example: 1.4.99.99.102.24.443, where 1.4 is the IPv4 version, 99.99.102.24 is the Service IP address and 443 is the port number.

    The minimum polling frequency for interval is 60 seconds.

  2. Calculate the delta of the two poll values:
    <DeltasslProxyTotalReq > = < sslProxyTotalReq2> - < sslProxyTotalReq1>
  3. Calculate the value of the HTTP Requests graph metric using the calculation shown in the table below, where the value of <interval> is 60.

Required calculations for interpreting metrics on HTTP requests

Performance Graph

(Configuration utility)

Graph MetricsRequired calculations for HTTP requests
SSL RequestsSSL Requests< DeltasslProxyTotalReq > / <interval>

Practical use of SNMP

For the purpose of demo, a NMS Server (PRTG) trial version was deployed to import the MIB files of the Barracuda Web Application Firewall. SNMP settings were configured on the NMS server to generate information on the various sensors, some of which are shown below:

PRTG_Graph.jpg

HTTP Service based statistics were collected for a period of 2 days:

Two_days_data.jpg

Live data snapshot:

Live_data.jpg

 

Last updated on