No, no, there is an SNMP hierarchy, I just edited it out (...) for privacy.
Remember that I was able to successfully use SNMP to keep track of interface traffic and host metrics before.
It seems that JunOS doesn't allow direct polling through an interface in a custom routing instance:
https://kb.juniper.net/InfoCenter/index?page=content&id=KB30459&cat=SRX_240&actp=LIST
So at this point, I'm trying to work around that limitation, and DNAT from ingress untrust -> trust -> loopback.
The traffic does go around the device, but ultimately when the SNMP traffic lands on loopback, the SRX doesn't accept the traffic.
Jul 16 15:49:03 15:49:03.019255:CID-1:RT:Loopback first path alloc pending session, natp=0x7fd9bf0, id=15522
Jul 16 15:49:03 15:49:03.019255:CID-1:RT: flow_first_in_dst_nat: in <lo0.0>, out <lo0.0> dst_adr 127.0.0.1, sp 59127, dp 161
Jul 16 15:49:03 15:49:03.019255:CID-1:RT: chose interface lo0.0 as incoming nat if.
Jul 16 15:49:03 15:49:03.019255:CID-1:RT: packet dropped: for self but not interested
Jul 16 15:49:03 15:49:03.019255:CID-1:RT: packet dropped, packet dropped: for self but not interested.
Jul 16 15:49:03 15:49:03.019255:CID-1:RT:flow_first_install_session: Loopback session processing aborted
The 'self' zone in which the loopback interface is located does have SNMP allowed:
# show security zones security-zone self
interfaces {
lo0.0 {
host-inbound-traffic {
system-services {
snmp;
}
}
}
}