7 SNMP V3 Enhancements

By default, Session Monitor supports HMAC as an authentication protocol and AES as encryption protocol for User Based Security Model for SNMP v3. In particular, below HMAC/AES modes are supported:

  1. usmHMACSHAAuthProtocol (per RFC 3414)
  2. usmAesCfb128Protocol

As part of FIPS 140-2 compliance enhancements, Session Monitor has introduced support for SHA-2 hash functions in the HMAC mode as defined in RFC 7630 for SNMP v3. usmHMAC192SHA256AuthProtocol HMAC authentication protocol is now supported: : usmHMAC192SHA256AuthProtocol uses SHA-256 and truncates the output to 192 bits (24 octets).

To enable usmHMAC192SHA256AuthProtocol Authentication protocol in SNMP v3,

  1. In the GUI, go to Settings, SNMP Options.
  2. Select the configuration option Use SHA256 Auth.

    Figure 7-1 Use SHA256 Auth Configuration Option


    Use SHA256 Auth Configuration Option

    Note:

    It is recommended to select the option Use SHA256 Auth when the FIPS mode is enabled in Oracle Linux /MySQL.
    Enabling the Use SHA256 Auth option does not have any impact Enable/Disable SNMP Export for a particular KPI from the Favorites bar in the KPI/Metrics page. The Enable/Disable SNMP Export feature continues to work as before.

    Figure 7-2 Enable/Disable SNMP Export


    Enable/Disable SNMP Export