SNMP Traps from devices on different VLAN don't make it past windows firewall

BZeto

Platinum Member
Apr 28, 2002
2,428
0
76
Hello networking forum :)

I'm setting up System Center Operations Manager and having an issue with receiving SNMP traps from devices on different VLANs. I don't receive them unless I disable the windows firewall. I've tried opening up TCP/UDP 161 and 162 with no luck. Looking at firewall logs from failed attempts I see that the destination port is dynamic. In the UDP 50000+ range.

When I open UDP 50000-65000 it starts working. Well, that isn't really an option. Why is SNMP from devices on different subnets/VLANs targeted at these dynamic ports and not 161?
 

yinan

Golden Member
Jan 12, 2007
1,801
2
71
What you could do is open up the Windows firewall completely only to those certain devices.
 

BZeto

Platinum Member
Apr 28, 2002
2,428
0
76
The device is a switch so I don't think that would be good.
I ended up figuring it out. It was a misconfiguration on the switch. I had the change the snmp response source address to 'destination IP of request'