snmp + firewalls + number of hosts polled

andren
Posts: 3
Joined: Thu Mar 15, 2007 10:27 pm

Post by andren »

We just moved our cacti system to a new server (apache 2.2.4, php 5.2.1, mysql 5.0.37) and it works great.

However, our firewall on the cacti server seems to be blocking traffic from some (though not all) of the polled servers. The question here concerns snmp data and firewalls. (I looked but didn't find any info on this - if you have sources/links etc please let me know).

Our firewall blocks traffic on almost all ports, but port 161 is open in all directions. This works well - up to a certain number of servers polled. Once we get over a certain number of servers (7 with about 20 ) we stop receiving their polling data. The firewall on the cacti server is actually blocking the traffic.

Opening high port ranges (30000-40000 or so) solves this problem, but we are not sure this is the best solution.

Questions:
- Is there something like 'too much data' on port 161?
- What is the best approach to this problem?
- How do/did you handle this issue?
- Are there security implications?
- Is there a way to prevent this?

Looking forward to any responses.
-andre
SyxPak
Posts: 16
Joined: Fri Mar 24, 2006 7:56 am
Location: Ireland

Post by SyxPak »

Have you done a packet capture on the cacti server interface to see what's getting out?
Can you ping the hosts that fail to return from the server?