Cisco Cisco Web Security Appliance S670 User Guide

SNMP provides the ability to send traps, or notifications, to advise an administration application when one 
or more conditions have been met. Traps are network packets that contain data relating to a component of 
the system sending the trap. Traps are generated when a condition has been met on the SNMP agent (in this 
case, the Cisco Web Security Appliance appliance). After the condition has been met, the SNMP agent 
then forms an SNMP packet and sends it to the host running the SNMP management console software. 

You can configure SNMP traps (enable or disable specific traps) when you enable SNMP for an 
interface. 

To specify multiple trap targets: when prompted for the trap target, you may enter up to 10 comma 
separated IP addresses. 

The connectivityFailure trap is intended to monitor your appliance’s connection to the internet. It does 
this by attempting to connect and send an HTTP GET request to a single external server every 5 to 7 
seconds. By default, the monitored URL is 

downloads.ironport.com

 on port 80. 

To change the monitored URL or port, run the 

snmpconfig

 command and enable the connecivityFailure 

trap, even if it is already enabled. You will see a prompt to change the URL. 

To simulate connectivityFailure traps, you can use the 

dnsconfig

 CLI command to enter a non-working 

DNS server. Lookups for downloads.ironport.com will fail, and traps will be sent every 5-7 seconds. Be 
sure to change the DNS server back to a working server after completing your test. 

wsa.example.com> snmpconfig

Current SNMP settings:

SNMP Disabled.

Choose the operation you want to perform:

- SETUP - Configure SNMP.

[]> SETUP

Do you want to enable SNMP? 

[Y]> 

Please choose an IP interface for SNMP requests.

1. Management (198.51.100.1: wsa.example.com)

[1]> 

Which port shall the SNMP daemon listen on interface "Management"?

[161]> 

Please select SNMPv3 authentication type:

1. MD5

2. SHA

[1]> 2