Enabling SNMP monitoring for Servers published by ISA
Enabling SNMP access through ISA 2006 was a big challenge. I was able to configure the ISA servers to respond to SNMP walk from Servers in a different network ( or External Servers from ISA point of view) but was unable to get the servers in the DMZ respond to SNMP. My ISA setup had a NAT supported Network Rule instead of Route.
Here are the steps that I had to do for allowing SNMP walk to the DMZ servers :
Create an inbound protocol definition with the following specifications :
a. Protocol Type : UDP
b. Ports : 161-162
c. Direction : Receive and Send. ( Donot set it to Send and Receive as that represents Outbound Traffic)
Add ip address to the External Interface of the Firewall. This ip address should be in the range of the ip addresses allocated to the External interface of the ISA server.
Add aNon Web Server publishing Rule with the ip address of the DMZ server you want to do an SNMP walk to as the destination .
Choose the newly created SNMP protocol that you have defined in 1.
Group the SNMP Manager hosts ( or your source servers) into a Computer Set ( from Toolbox under Firewall Policy) and set the group as Source.
http://www.techbiswas.com/2010/01/enabling-snmp-monitoring-for-servers.html
