
Win10 Firewall inbound rule setting is invalid

2025-01-19 Update From: SLTechnology News&Howtos


Shulou(Shulou.com)06/03

While bringing my laptop into the monitoring system (monitoring through SNMP), I ran into the problem that the service could not be reached.

The laptop runs Windows 10, and it needs to provide the service across network segments.

Activate SNMP service

The first step is to activate the SNMP service.

Installation

Control Panel -> Programs -> Turn Windows features on or off:

Check WMI SNMP Provider under Simple Network Management Protocol (SNMP):

Service

After installation, configure the service. Run services.msc, find SNMP Service in the list, and right-click it to open Properties:

Then go to the Security tab:

The upper part is where you add the SNMP community string. Do not use an easily guessed string such as public.

The lower part restricts which hosts may access the local SNMP service. The address of the monitoring host is usually known, so it is better to configure this restriction. You can wait until the connection works and then come back to add it.

Turn off the firewall for testing

If the service can be reached when you test it directly, there is no problem. If it cannot, first turn off the firewall to rule out interference, get the service itself working, and then configure the firewall.

By now the service should be up. You can first turn off the firewall for testing. Control Panel -> System and Security -> Windows Defender Firewall:

Temporarily select Turn off Windows Defender Firewall (not recommended):

At this point the service should respond to the test, which shows that the service itself has started successfully. The next step is to get the service working with the firewall turned on.

Firewall configuration

Since the service cannot be reached once the firewall is back on, we start working on the firewall configuration.

View firewall policy

Open the advanced settings of the firewall and view the inbound rules:

The firewall rule for SNMP has already been added by default.

Here is the problem: with the firewall turned off the service can be reached, but once the firewall is turned on it stops working. So the problem must be in the firewall, and the service itself is running normally.

Manually add firewall policy

One approach is to add the firewall rule manually, and you may also need to delete the default rule shown above. This is what I did while troubleshooting, but it was not the real cause, so this step can be skipped.

To add a firewall rule manually: click New Rule on the right, or right-click Inbound Rules, and follow the wizard step by step.

Adjust the scope of firewall policy

The real reason the inbound rule has no effect is the scope of the default rule.

Double-click the default SNMP rule and look at the Scope tab:

The scope of the default rule is limited to the local subnet, while my scenario needs to cross network segments, so the traffic is blocked by the firewall. Once you have found the problem, change the scope to any IP address or add the IP address of the remote server, and the firewall will let the traffic through.

Summary

For firewall rules that are added automatically, you still need to take a closer look at the detailed configuration of each one. The basic configuration of a firewall rule is the protocol (TCP or UDP) and the port number to open, but each rule actually has more detailed settings, some of which have default values, such as the scope here.

The scope here is limited to the local subnet by default. As a result, nothing goes wrong in tests or experiments, because a typical test environment is simple and all the hosts are in the same network. But once the host is placed in a complex network environment, all kinds of connectivity failures appear.

Ping tests have the same problem

Ping tests during this period ran into the same problem. To enable the firewall's Ping rule, enabling the following is enough:

Because of the scope setting, Ping tests done with the laptop may well succeed. That fills you with confidence: the tests pass, so the problem must be the peer server or the network. In fact, this overlooks that your own firewall's default settings do not allow cross-segment traffic, and you need to adjust the scope setting.
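The scope check from the SNMP and Ping sections can also be done from an elevated PowerShell prompt. The script below is an added example, not part of the original article: it lists every enabled inbound allow rule whose remote scope is the local subnet, then adds one monitoring server to the SNMP rules instead of opening them to any IP. The address 192.0.2.10 is a placeholder, and the SNMP rules are matched by UDP port 161 rather than by display name (both are assumptions of this example).

```powershell
# Added example. Run in an elevated PowerShell session on the Windows 10 host.
$MonitorIp = '192.0.2.10'   # placeholder: address of the remote monitoring server

# 1. Collect enabled inbound Allow rules together with their port and address filters,
#    and keep only those whose remote scope is restricted to the local subnet.
$scoped = Get-NetFirewallRule -Direction Inbound -Enabled True -Action Allow |
    ForEach-Object {
        $addr = $_ | Get-NetFirewallAddressFilter
        $port = $_ | Get-NetFirewallPortFilter
        [pscustomobject]@{
            Name          = $_.Name
            DisplayName   = $_.DisplayName
            Profile       = $_.Profile
            Protocol      = $port.Protocol
            LocalPort     = $port.LocalPort
            RemoteAddress = $addr.RemoteAddress
        }
    } |
    Where-Object { $_.RemoteAddress -contains 'LocalSubnet' }

# Every rule printed here works inside the subnet and silently fails across segments.
$scoped | Sort-Object Protocol, DisplayName |
    Format-Table DisplayName, Profile, Protocol, LocalPort, RemoteAddress -AutoSize -Wrap

# 2. From that list, select the SNMP agent rules (UDP 161) and add the monitoring
#    server to their scope while keeping the existing LocalSubnet entry.
$snmp = $scoped | Where-Object { $_.Protocol -eq 'UDP' -and $_.LocalPort -contains '161' }
foreach ($r in $snmp) {
    $new = @($r.RemoteAddress) + $MonitorIp | Select-Object -Unique
    Set-NetFirewallRule -Name $r.Name -RemoteAddress $new
}

# 3. Show which firewall profile the active network uses, then re-read the scope
#    of each changed rule to confirm the new remote addresses.
Get-NetConnectionProfile | Select-Object InterfaceAlias, NetworkCategory
foreach ($r in $snmp) {
    $now = (Get-NetFirewallRule -Name $r.Name | Get-NetFirewallAddressFilter).RemoteAddress
    '{0} [{1}] -> {2}' -f $r.DisplayName, $r.Profile, ($now -join ', ')
}
```

Only the rules whose Profile matches the NetworkCategory printed in step 3 apply to the current connection, so check that column before concluding that a rule is or is not in effect.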
