Feature Request: Update SNMPv3 Encryption Algorithms (SHA256, AES128, AES256, etc.)

fabianoettlfabianoettl
in Firebox - Product Enhancements

Dear Watchguard Support Team,

I would like to kindly request the opening of a feature request to update the encryption algorithms available for SNMPv3 on Watchguard devices, specifically to include modern standards such as SHA256, AES128, AES256, and similar options.

Background:
Currently, on a FireboxV running version 12.11.1 (Build B711554), the available options for SNMPv3 encryption are limited to the following:

  • Authentication Protocol:

    • None
    • MD5
    • SHA

  • Encryption Protocol:

    • None
    • DES

These protocols no longer align with current security standards and are widely considered insecure. Additionally, the upcoming Zabbix cluster, based on AlmaLinux 9, no longer supports the DES protocol at all. According to the Red Hat Enterprise Linux 9 documentation (see: https://docs.redhat.com/en/documentation/red_hat_enterprise_linux/9/html/considerations_in_adopting_rhel_9/assembly_shells-and-command-line-tools_considerations-in-adopting-rhel-9#ref_changes-to-system-management_assembly_shells-and-command-line-tools), the DES algorithm has been removed from net-snmp communication in RHEL 9 due to its insecurity and lack of support in the OpenSSL library.

Impact:
Without updated encryption options, encrypted SNMPv3 monitoring will not be possible with the new Zabbix system unless the firewall is monitored via a proxy running AlmaLinux 8. This limitation could significantly affect secure network management moving forward.

Request:
Please consider adding support for modern encryption algorithms (e.g., SHA256, AES128, AES256) to SNMPv3 in future Watchguard firmware updates to ensure compatibility with current and future systems and to meet modern security standards.

Thank you for your attention to this matter. Please let me know if you need any further details to process this request.

Best regards,
Fabian Öttl

Comments

  • james.carsonjames.carson Moderator, WatchGuard Representative

    Hi @fabianoettl

    I don't have an open feature request for this yet.

    Can you please open a support case with this info (it's ok if you just copy/paste what you wrote into the case.) This will allow us to get a feature request written up specifically for your issue and link it to your case.

    If you already have a case open, or you create one, can you please reply here with the case number.

    -James Carson
    WatchGuard Customer Support

Sign In to comment.