Skip to main content

Viasat

General Information

Forward Enterprise collects from Viasat KG-250X encryptors over SNMPv3. Viasat encryptors are not auto-detected, so the device type and credential must be set manually.

1. Prepare the Encryptor

SNMPv3 must be enabled on the Viasat encryptor, and a dedicated SNMPv3 user must exist for collection. You will need an existing SNMPv3 administrator credential on the device to create the new user.

Any SNMPv3 management tool that supports USM (User-based Security Model) user creation and VACM (View-based Access Control Model) group assignment can perform this setup — the operations are standard SNMPv3 (RFC 3414, RFC 3415) and not tied to any specific package. The examples below use the Net-SNMP command-line tools (snmpusm, snmpvacm); if you use a different SNMPv3 manager, perform the equivalent operations with its syntax.

Replace the placeholders in the examples with values from your environment:

  • ADMIN_USER / ADMIN_PASS — existing SNMPv3 administrator credentials on the encryptor
  • COLLECT_USER — the SNMPv3 username Forward will use to collect
  • COLLECT_PASS — the password Forward will use (used for both authentication and privacy)
  • DEVICE_IP — the management IP of the encryptor

Clone the admin user to create a collection user:

snmpusm -v3 -u ADMIN_USER -l authPriv -a SHA -A ADMIN_PASS -x AES -X ADMIN_PASS \
    DEVICE_IP create COLLECT_USER ADMIN_USER

Set the password for the new user:

snmpusm -v3 -u ADMIN_USER -l authPriv -a SHA -A ADMIN_PASS -x AES -X ADMIN_PASS \
    DEVICE_IP passwd ADMIN_PASS COLLECT_PASS COLLECT_USER

Add the new user to the HAIPE config group so it can read the collected objects:

snmpvacm -v3 -u ADMIN_USER -l authPriv -a SHA -A ADMIN_PASS -x AES -X ADMIN_PASS \
    DEVICE_IP createSec2Group 3 COLLECT_USER haipeConfigGroup

Verify you can query the encryptor with the new credentials before moving on:

snmpget -v3 -u COLLECT_USER -l authPriv -a SHA -A COLLECT_PASS -x AES -X COLLECT_PASS \
    DEVICE_IP sysDescr.0

2. Add an SNMP Credential in Forward

From the navigation panel, select CollectionCredentialsSNMP Credentials and add a new SNMPv3 credential using the COLLECT_USER / COLLECT_PASS created above:

  • Version: SNMPv3
  • Username: COLLECT_USER
  • Auth type: SHA
  • Auth password: COLLECT_PASS
  • Privacy protocol: AES
  • Privacy password: COLLECT_PASS

Both an auth password and a privacy password are required — the Viasat collector rejects credentials without both.

note

The Forward credential form exposes all SNMPv3 auth types (MD5, SHA, SHA-256/384/512) and privacy protocols (DES, AES-128/192/256), but the encryptor itself may only accept a subset. SHA with AES is the combination verified against production deployments; if collection fails with a different combination, switch to SHA + AES before debugging further.

3. Add the Viasat Device to Sources

Because Viasat encryptors are not auto-detected, add the device manually and set its type explicitly.

  1. Navigate to SourcesDevicesAdd Device.
  2. Enter a Name and the encryptor's IP/host.
  3. Under Type, select Viasat Encryptor SNMPv3.
  4. Under SNMP credentials, select the credential created in step 2.
  5. Save the device.

Bulk workflows (CSV import and the REST API) also work — in both cases the device type must be set to viasat_encryptor_snmp3 and an SNMPv3 credential must be associated.

What Is Collected

The Viasat collector gathers the following over SNMP:

  • Interfaces, interface IP addresses, and IP routing table
  • Packet filters, IPsec policies, traffic selectors, and tunnel status
  • Inventory and system description
  • HAIPE-specific state: station identifier, system date and uptime, DVROW status, battery change date, and Firefly certificate information