Passwordrules to include connection-options (SNMPv3)

Idea ID 2800055

Passwordrules to include connection-options (SNMPv3)

In a rather mixed environment like ours it's not possible to have all the devices setup with the same SNMPv3 encryption methods. This is mostly due to vendor specific limitations.

For example:
- Older devices are fixed to Authentication-Encryption with MD5 and Privacy with DES (example Avocent Terminal Servers)
- Newer devices are sometimes fixed, for example to SHA / DES (example: Cisco Meraki)
- Some devices let you freely mix between different possible encryption (for example: Palo Firewalls)

Additionally some devices require you to have the same passwords for authentication and privacy while others allow you to have individual strings.

With the option: <option name="ConnectionMethods/CustomDefault">XXXXXX</option>
in the adjustable options it's possible to set the default communication for a newly discovered device,and there it's possible to set one SNMPv3 encription set. But only one possible combination.

Additionally, there is a setting within the NA-Proxy that allows to add a connection method to password rules via "add authentication -connectionmethods" but this only allows a setting for telnet, ssh or console.

My idea would be:
Make it possible so we can add connection-methods to password rules for SNMPv3, for example by enhancing the "connectionmethods" in the proxy or by adding those options to the GUI.

3 Comments
Micro Focus Expert
Micro Focus Expert
Status changed to: Needs Clarification

Dear Submitter,

We already have the option to define the SNMPv3 setting as part of password rules for Global/ Device Group/ IP Range/ Host Name/ Device IP Address. Given this, you should be able to group devices from any of the criteria above and apply SNMP settings as needed.

Can you please clarify what else is needed in the definition of password rules which would serve your use cases?

Super Contributor.. Super Contributor..
Super Contributor..

It took a bit longer to get back to you. Since I wasn't sure if I missed a setup, I opened the case SD02706401 for this and got the feedback:

... with the RCX setting you can add only one set that will be applicable to newly added devices.

The only possibility now is to change it in the Edit device menu, after you have added it...

So they confirmed this is not possible to have newly added devices automatically have the correct encryption methods assigned. Maybe you @AkashDeep know something more? 

Micro Focus Expert
Micro Focus Expert
Status changed to: Waiting for Votes

The idea has received an initial review to ensure adherence to our idea submission and community guidelines. More information may be needed at this stage, and we expect the community to help prioritize the idea with comments and community support (votes/kudos).

The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.