I'm in the process of hardening my SRX firewall in my environment and I'm required to limit the ability to poll via SNMP to the loopback interface only. I was able to create a client list to limit only requests coming from my monitoring server. I also have a complex community string and v3 enabled. My security policies also limit the connection this way as well. However, when I commit "set snmp interface lo0.0" I lose SNMP connectivity. I read through the documentation and realized that it's referenced in a way that limits SNMP requests to devices connected to the specified interface rather than limiting polling only to the specified interface. If this is a remote address that does not have dedicated management hardware/OOB, is it even possible to use the snmp interface command?
------------------------------
Thomas Anderson
------------------------------