Hi,
As part of internal cybersecurity practices, our servers are subjected to regular vulnerability scans. On a recent scan, the scan result contained the "SNMP Agent Default Community Name (public)" vulnerability. This basically means that there's an SNMP Agent listening to the default community name of "public".
After a check, I can reasonably conclude that DataMiner is the one listening on port 161. Is there any way we can change the default community string to something else?
FYI, this DMA also has elements that communicate with devices via SNMP.
Thanks in advance.
Hi Andrew,
It is possible to change the default community string to something else. You can find more information here: Configuring SNMP agent community strings | DataMiner Docs
Now, security-wise, it would be even better to just close that port altogether. The SNMP Agent of a DMA is listening on port UDP 161, and the recent installers of DataMiner keep this port closed by default. This SNMP Agent is typically not being used, because you only need this when an external system would need to query things from DataMiner over SNMP. This hardly ever happens, so you can typically close this UDP port 161.
Closing UDP port 161 has no impact on elements polling SNMP devices. DataMiner uses its SNMP Manager to poll SNMP devices. To poll an SNMP device, no port needs to be open on a DMA, because you only have an outgoing request to the SNMP device with a reply on that request. If the device does send SNMP traps or inform messages, then UDP port 162 must be opened on the DMA. Then the SNMP Manager of DataMiner will listen on that port for incoming traps.
So, in short, the SNMP Agent on a DMA is just listening on UDP 161 for external systems querying DataMiner. This is rarely being used and therefore UDP 161 can typically be closed. The SNMP Manager on a DMA is the one doing all the hard work to poll all the SNMP devices. Polling is possible without the need to open incoming ports. Only when you need to receive traps on DataMiner, you need to make sure UDP 162 is open so that the SNMP Manager on DataMiner can receive traps.
Let us know if something would not be 100% clear.
Bert
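Added example (not part of the original thread and not DataMiner code): a minimal Python check to confirm, after changing the community string or closing UDP 161 as described in the answer above, that the agent no longer answers a GET with community "public". The function names, the use of SNMPv2c and the choice of sysDescr.0 as the queried OID are assumptions of this example.

```python
import socket

SYS_DESCR_0 = bytes([0x2B, 6, 1, 2, 1, 1, 1, 0])  # OID 1.3.6.1.2.1.1.1.0 (assumed probe OID)

def tlv(tag: int, payload: bytes) -> bytes:
    """BER type-length-value, definite length (short or long form)."""
    n = len(payload)
    if n < 0x80:
        return bytes([tag, n]) + payload
    size = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(size)]) + size + payload

def read_tlv(buf: bytes, pos: int = 0):
    """Return (tag, value, next_pos) for the TLV starting at pos."""
    tag, n, pos = buf[pos], buf[pos + 1], pos + 2
    if n & 0x80:
        k = n & 0x7F
        n = int.from_bytes(buf[pos:pos + k], "big")
        pos += k
    return tag, buf[pos:pos + n], pos + n

def build_get(community: str, request_id: int = 1) -> bytes:
    """SNMPv2c GetRequest for sysDescr.0 (request_id must be 0..127)."""
    varbind = tlv(0x30, tlv(0x06, SYS_DESCR_0) + tlv(0x05, b""))
    pdu = tlv(0xA0, tlv(0x02, bytes([request_id])) + tlv(0x02, b"\x00")
              + tlv(0x02, b"\x00") + tlv(0x30, varbind))
    return tlv(0x30, tlv(0x02, b"\x01") + tlv(0x04, community.encode()) + pdu)

def is_get_response(datagram: bytes) -> bool:
    """True if the datagram is an SNMP message carrying a GetResponse PDU."""
    try:
        tag, body, _ = read_tlv(datagram)
        if tag != 0x30:
            return False
        _, _, pos = read_tlv(body)        # skip version
        _, _, pos = read_tlv(body, pos)   # skip community
        return body[pos] == 0xA2          # GetResponse-PDU tag
    except IndexError:
        return False

def agent_accepts(host: str, community: str, port: int = 161, timeout: float = 2.0) -> bool:
    """True only if an agent at host answers a GET sent with this community."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        try:
            s.sendto(build_get(community), (host, port))
            data, _ = s.recvfrom(4096)
        except OSError:                   # timeout, or ICMP port unreachable
            return False
        return is_get_response(data)
```

Run `agent_accepts("<dma-host>", "public")` from a machine that is allowed to reach the DMA: after the change it should return `False`, and with the agent still enabled the new community string should return `True`.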
Hi Andrew,
I think this is what you are looking for: https://docs.dataminer.services/user-guide/Advanced_Functionality/SNMP_managers/Configuring_SNMP_managers/Changing_SNMP_agent_ports.html
Hi. Thanks for pointing me in the right direction. I have managed to achieve what I wanted to do.
Hi Bert,
Thanks for your explainer and the link to the resources. I have managed to achieve what I wanted to do. In the end, I disabled the SNMP Agent functionality on my Agents as I needed port 161 for the operating system.
Regards,
Andrew