2Management33Remote access encryptionFor SNMP version 1 or 2c, the community string will be sent as plain text over a network. Thisis clearly not secure if a remote client is communicating over the public Internet. If this is thecase, it is recommended to have remote access take place over an encrypted VPN tunnel orsimilarly secure means of communication.Preventing SNMP overloadThe advanced setting SNMP Request Limit restricts the number of SNMP requests allowedper second. This can help prevent attacks through SNMP overload.Optional SNMP settingsYou can also set the following SNMP parameters:• SNMPSysContact – The contact person for this managed node.• SNMPSysName – The name of this managed node.• SNMPSysLocation – The physical location of this node.Example: Enabling SNMP monitoringThis example enables SNMP access through the internal lan interface from the networkmgmt‐net using the community string Mg1RQqR.Device:/> add RemoteManagement RemoteMgmtSNMP my_snmp SourceInterface=lan SourceNetwork=mgmt‐net SNMPGetCommunity=Mg1RQqRDate and timeCorrectly setting the date and time is important for the SEG to operate properly. For example,certificates used in certificate‐based VPN tunnels depend on the system clock beingaccurately set.In addition, log messages are tagged with timestamps in order to indicate when a specificevent occurred. Not only does this assume a working clock, but also that the clock is correctlysynchronized with other equipment in the network.You can set the date and time manually, which is recommended when a new SEG installationis started for the first time.Local system clockFor access to the current date and time, the SEG uses the local hardware real‐time hardwareclock. Depending on the hardware platform, this clock can be equipped with a battery backupso that a loss of power will not affect the clock.