I usually look at the packets themselves to see where they are being blocked.
In our case, we use mostly cisco; so I'll set up an RSPAN on the far side of the firewall between it and the target and filter for SNMP from/to the server's IP. Doesn't matter what the content is, you just want to confirm that you see both a query packet and a reply packet. If you see both; then move the RSPAN collection point to somewhere between the firewall and the server and again confirm that you see both the query and reply (your firewall might only be blocking the replies). And, of course, you can run tcpdump right on your server (and potentially the remote device too).
Juniper's let you do a tcpdump right on the switch so it's quite a bit easier. Palo's will collect a dump file you can download to your desk. I don't have a lot of experience with other brands; but I'm sure they all let you collect a dump one way or another.
On 6/16/25 07:39, zank--- via observium wrote:
This email originated outside of WHOI. Please use caution if clicking on links or opening attachments.
Hello, thank you for the reply. So for the firewalls it's kind of weird because we have multiple devices on that gateway that show up normal (UP) only this one UPS is shown as down and it can't do snmpget from the observium host, but when I try from a different virtual machine snmpget goes through. Is it possible the firewall is only blocking this one poll? I am verry sorry if it seem as a dumb question I am new to this and they just launched me into the deep end since at the start 180 out of 226 devices showed down, and I got it down to only showing one down _______________________________________________ observium mailing list -- observium@lists.observium.org To unsubscribe send an email to observium-leave@lists.observium.org