Skip to content
DataMiner DoJo

More results...

Generic selectors
Exact matches only
Search in title
Search in content
Post Type Selectors
Search in posts
Search in pages
Search in posts
Search in pages
Log in
Menu
  • Updates & Insights
  • Questions
  • Learning
    • E-learning Courses
    • Empower Replay: Limited Edition
    • Tutorials
    • Open Classroom Training
    • Certification
      • DataMiner Fundamentals
      • DataMiner Configurator
      • DataMiner Automation
      • Scripts & Connectors Developer: HTTP Basics
      • Scripts & Connectors Developer: SNMP Basics
      • Visual Overview – Level 1
      • Verify a certificate
    • Video Library
    • Books We Like
    • >> Go to DataMiner Docs
  • Expert Center
    • Solutions & Use Cases
      • Solutions
      • Use Case Library
    • Markets & Industries
      • Media production
      • Government & defense
      • Content distribution
      • Service providers
      • Partners
      • OSS/BSS
    • Agile
      • Agile Webspace
      • Everything Agile
        • The Agile Manifesto
        • Best Practices
        • Retro Recipes
      • Methodologies
        • The Scrum Framework
        • Kanban
        • Extreme Programming
      • Roles
        • The Product Owner
        • The Agile Coach
        • The Quality & UX Coach (QX)
    • DataMiner DevOps Professional Program
      • About the DevOps Program
      • DataMiner DevOps Support
  • Downloads
  • More
    • DataMiner Releases & Updates
    • Feature Suggestions
    • Climb the leaderboard!
    • Swag Shop
    • Contact
    • Global Feedback Survey
  • PARTNERS
    • All Partners
    • Technology Partners
    • Strategic Partner Program
    • Deal Registration
  • >> Go to dataminer.services

Changing SNMP Community String in Dataminer’s SNMP Agent

Solved365 views24th January 2025
1
Andrew Teoh [DevOps Member]132 14th January 2025 0 Comments

Hi,

As part of internal cybersecurity practices, our servers are subjected to regular vulnerability scans. On a recent scan, the scan result contained "SNMP Agent Default Community Name (public)" vulnerability. This basically means that there's an SNMP Agent listening to the default community name of "public".

After a check, I can reasonably conclude that DataMiner is the one listening on port 161. Is there anyway we can change the default community string to something else?

FYI, this DMA also has elements that communicate with devices via SNMP.

Thanks in advance.

Andrew Teoh [DevOps Member] Selected answer as best 24th January 2025

2 Answers

  • Active
  • Voted
  • Newest
  • Oldest
3
Bert Vandenberghe [SLC] [DevOps Enabler]8.29K Posted 14th January 2025 1 Comment

Hi Andrew,

It is possible to change the default community string to something else. You can find more information here: Configuring SNMP agent community strings | DataMiner Docs

Now, security wise, it would even be better to just close that port altogether. The SNMP Agent of a DMA is listening on port UDP 161, and by default the recent installers of DataMiner keep this port closed by default. This SNMP Agent is typically not being used, because you only need this when an external system would need to query things from DataMiner over SNMP. This hardly ever happens, so you can typically close this UDP port 161.

Closing UDP port 161 has no impact on elements polling SNMP devices. DataMiner uses its SNMP Manager to poll SNMP devices. To poll an SNMP device, no port needs to be open on a DMA, because you only have an outgoing request to the SNMP device with a reply on that request. If the device does send SNMP traps or inform messages, then UDP port 162 must be opened on the DMA. Then the SNMP Manager of DataMiner will listen on that port for incoming traps.

So, in short, the SNMP Agent on a DMA is just listening on UDP 161 for external systems querying DataMiner. This is rarely being used and therefore UDP 161 can typically be closed. The SNMP Manager on a DMA is the one doing all the hard work to poll all the SNMP devices. Polling is possible without the need to open incoming ports. Only when you need to receive traps on DataMiner, you need to make sure UDP 162 is open so that the SNMP Manager on DataMiner can receive traps.

Let us know if something would not be 100% clear.

Bert

Andrew Teoh [DevOps Member] Selected answer as best 24th January 2025
Andrew Teoh [DevOps Member] commented 14th January 2025

Hi Bert,

Thanks for your explainer and the link to the resources. I have managed to achieve what I wanted to do. In the end, I disabled the SNMP Agent functionality on my Agents as I needed port 161 for the operating system.

Regards,
Andrew

You are viewing 1 out of 2 answers, click here to view all answers.
Please login to be able to comment or post an answer.

My DevOps rank

DevOps Members get more insights on their profile page.

My user earnings

0 Dojo credits

Spend your credits in our swag shop.

0 Reputation points

Boost your reputation, climb the leaderboard.

Promo banner DataMiner DevOps Professiona Program
DataMiner Integration Studio (DIS)
Empower Katas
Privacy Policy • Terms & Conditions • Contact

© 2025 Skyline Communications. All rights reserved.

DOJO Q&A widget

Can't find what you need?

? Explore the Q&A DataMiner Docs

[ Placeholder content for popup link ] WordPress Download Manager - Best Download Management Plugin