GFI LanGuard uses the SNMP protocol to query for vulnerabilities present in network switches, firewalls, and other network devices.
There are two methods to find vulnerabilities on your devices:
Method 1: scan the devices using a vulnerability scan
GFI LanGuard allows administrator to run a pre-configured scan in the network to search for vulnerabilities. The scan uses a profile where the administrator can see the details of checks performed and make adjustment if necessary.
To run a successful scan:
- Ensure your devices are configured to respond to SNMP requests from the LanGuard machine:
- SNMP agent must be running on the target device and accepting SNMP queries.
- The agent must be listening on UDP port 161.
- Make sure you set a community string that is not easy to guess.
- Open the GFI Languard console
- If needed, adjust the scan profile. For more information see http://go.gfi.com/?pageid=LanGuardHelp#cshid=ScanningProfileEditor
- Run a scan by accessing the Scan tab, adjusting the settings and clicking Scan.
Method 2: Use SNMP utilities
GFI LanGuard provides administrator with two SNMP utilities that can be used to troubleshoot issues when the scan are not giving proper results or to perform some custom test.
SNMP testing utilities can be found under the Utilities tab:
- SNMP Audit - Checks for weak community strings. For more information see http://go.gfi.com/?pageid=LanGuardHelp#cshid=SNMPAuditing
- SNMP Walk - Queries for the current value of specific Object IDs. You can use it to see if the target device is replying to SNMP requests. You can also use it to "walk" down the SNMP Object ID Tree from a specific point, or to check a specific Object ID, specified in the check properties. For more information see http://go.gfi.com/?pageid=LanGuardHelp#cshid=SNMPWalk
- GFI LanGuard supports SNMPv1 and SNMPv2c.
- SNMPv3 and SNMP over TLS/DTLS are not supported.