[NDMII-3430] Add doc to troubleshoot firewall in NDM #29124

Draft pull request: wants to merge 2 commits into base: master
9 changes: 6 additions & 3 deletions content/en/network_monitoring/devices/snmp_traps.md
Expand Up @@ -37,7 +37,7 @@ Datadog Agent v7.37+ supports listening for SNMP Traps, enabling you to set up [
authKey: myAuthKey
authProtocol: "SHA"
privKey: myPrivKey
privProtocol: "AES"
privProtocol: "AES"
- user: "user"
authKey: myAuthKey
authProtocol: "MD5"
Expand All @@ -52,6 +52,8 @@ Datadog Agent v7.37+ supports listening for SNMP Traps, enabling you to set up [

**Note**: Multiple v3 users and passwords are supported as of Datadog Agent `7.51` or higher.

**Note**: Ensure that your [firewall rules][7] allow incoming UDP traffic on the configured port.

2. Once configured, SNMP traps are forwarded as logs and can be found in the [Log Explorer][2] with the following search query: `source:snmp-traps`.

{{< img src="network_device_monitoring/snmp/snmp_logs_2.png" alt="Log Explorer showing `source:snmp-traps` with an SNMP Trap log line selected, highlighting the Network Device tag" style="width:90%" >}}
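Review bot: two bold **Note** callouts now sit back to back (the Agent `7.51` multi-user note and the new firewall note); fold the firewall sentence into the existing note or into the body of step 1 so the reader gets one callout instead of two. The new sentence should also name the port it is talking about: this doc already documents the default trap port as 162 (see the `#using-the-default-snmp-trap-port-162` anchor in the link list), so "allow incoming UDP traffic on the configured port (162 by default)" saves the reader a lookup. Consider qualifying it with "from your network devices" as well, so the advice does not read as "open the trap port to any source".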
Expand Down Expand Up @@ -88,9 +90,9 @@ Binding to a port number under 1024 requires elevated permissions. To bind to a

As in [Network Device Monitoring][3], namespaces can be used as tags to differentiate between multiple network devices that may share the same private IP. For example, consider a case of two routers: one in New York and one in Paris, which share the same private IP. There should be one Agent in the New York data center and another in the Paris data center. You may wish to tag these with `namespace: nyc` and `namespace: paris`, respectively.

The namespace can then be used to uniquely pivot from an SNMP Trap to the emitter device, or from the emitter device to an SNMP Trap.
The namespace can then be used to uniquely pivot from an SNMP Trap to the emitter device, or from the emitter device to an SNMP Trap.

It is critical to have consistency between the multiple Agent configurations. For instance, if you have two Agents configured (for example, one for trap collection, and the other for metrics) you must ensure that the namespaces exist in both places. Alternatively, ensure that the namespaces exist in neither.
It is critical to have consistency between the multiple Agent configurations. For instance, if you have two Agents configured (for example, one for trap collection, and the other for metrics) you must ensure that the namespaces exist in both places. Alternatively, ensure that the namespaces exist in neither.

## Resolution

Expand Down Expand Up @@ -175,3 +177,4 @@ If there are errors due to missing dependencies and you have access to the missi
[4]: /developers/integrations/python
[5]: https://pypi.org/project/pysmi/
[6]: /agent/configuration/agent-commands/#start-stop-and-restart-the-agent
[7]: /network_monitoring/devices/troubleshooting#traps-or-flows-not-being-received-at-all
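Review bot: `[7]` is written as `/network_monitoring/devices/troubleshooting#traps-or-flows-not-being-received-at-all`, without the trailing slash before the fragment that the other internal links in this list use (`[6]: /agent/configuration/agent-commands/#start-stop-and-restart-the-agent`, `[8]: /network_monitoring/devices/snmp_traps/#using-the-default-snmp-trap-port-162`); write it as `/network_monitoring/devices/troubleshooting/#traps-or-flows-not-being-received-at-all` for consistency. The fragment itself matches the heading `### Traps or Flows not being received at all` added in troubleshooting.md, so the anchor resolves as long as that heading keeps its wording.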
49 changes: 48 additions & 1 deletion content/en/network_monitoring/devices/troubleshooting.md
Expand Up @@ -145,6 +145,53 @@ If you see a permission denied error while port binding in agent logs, the port
- privKey
- privProtocol

### Traps or Flows not being received at all

A common cause of missing SNMP traps or NetFlow traffic is that firewall rules are blocking UDP packets before they reach the Agent. Both SNMP traps and NetFlow use the UDP protocol and rely on the ports defined in your `datadog.yaml` configuration.

Use the following platform-specific commands to check for firewall rules that may be preventing traffic from reaching the Agent.

#### Linux

Linux have multiple types of firewall (such as `iptables`, `nftables`, or `ufw`), depending on which one is in use, the following commands can be used:

- `sudo iptables -S`

- `sudo nft list ruleset`

- `sudo ufw status`

Look for any rules that block UDP traffic on the configured ports.

#### Windows

```
Get-NetFirewallRule -Action Block | ForEach-Object {
$rule = $_
Get-NetFirewallPortFilter -AssociatedNetFirewallRule $rule | Select-Object
@{Name="Name"; Expression={$rule.Name}},
@{Name="DisplayName"; Expression={'"' + $rule.DisplayName + '"'}},
@{Name="Direction"; Expression={$rule.Direction}},
@{Name="Protocol"; Expression={$_.Protocol}},
@{Name="LocalPort"; Expression={$_.LocalPort}},
@{Name="RemotePort"; Expression={$_.RemotePort}}
} | Format-Table -AutoSize
```

Look for rules where:

- Direction is Inbound
- Protocol is UDP
- LocalPort matches the configured ports

#### MacOS

```
sudo pfctl -sr
```

Look for any rules that block UDP traffic on the configured ports, such as: `block drop in proto UDP from any to any port = <CONFIG_PORT>`.

### Traps not being received for devices

1. Check the Datadog `agent.log` file to ensure that you can bind to the traps port. The following error indicates that you are unable to bind to the traps port:
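Review bot: the Windows check in this hunk only lists rules with `-Action Block`, but Windows Firewall's default inbound action is Block on every profile, so traps and flows are dropped whenever no Allow rule matches, even if no explicit Block rule exists; add a second check for an enabled inbound Allow rule on the UDP port (`Get-NetFirewallRule -Direction Inbound -Action Allow -Enabled True` run through the same `Get-NetFirewallPortFilter` projection) or show `Get-NetFirewallProfile | Select-Object Name, Enabled, DefaultInboundAction`, and say in the "Look for rules where" list that the absence of a matching Allow rule is itself the problem. In the same snippet, `Select-Object` ends its line and the `@{Name="Name"; ...}` calculated properties begin on the next one, so PowerShell parses `Select-Object` with no properties and the hashtables as a separate statement; put the first hashtable on the `Select-Object` line (or end that line with a backtick) and tag the fence as ```powershell. Smaller points: "Linux have multiple types of firewall (such as `iptables`, `nftables`, or `ufw`), depending on which one is in use, the following commands can be used:" should read "Linux has several firewall front ends (`iptables`, `nftables`, `ufw`, `firewalld`); run the one in use:", with `sudo firewall-cmd --list-all` added for RHEL-family hosts, plus a sentence that `ufw` and `firewalld` are front ends over nftables/iptables so `sudo nft list ruleset` shows the effective rules. For macOS ("MacOS" should be "macOS"), `pfctl -sr` prints nothing useful when pf is disabled, so pair it with `sudo pfctl -s info`, and mention the separate Application Firewall (`/usr/libexec/ApplicationFirewall/socketfilterfw --getglobalstate`), which can block inbound traffic to the Agent independently of pf.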
Expand Down Expand Up @@ -218,4 +265,4 @@ If you see a permission denied error while port binding in agent logs, the port
[5]: /api/latest/network-device-monitoring/#get-the-list-of-interfaces-of-the-device
[6]: /api/latest/network-device-monitoring/#get-the-list-of-tags-for-a-device
[7]: /api/latest/network-device-monitoring/#update-the-tags-for-a-device
[8]: /network_monitoring/devices/snmp_traps/#using-the-default-snmp-trap-port-162
[8]: /network_monitoring/devices/snmp_traps/#using-the-default-snmp-trap-port-162
5 changes: 4 additions & 1 deletion content/en/network_monitoring/netflow/_index.md
Expand Up @@ -51,6 +51,8 @@ network_devices:

After saving your changes, [restart the Agent][4].

**Note**: Ensure that your [firewall rules][9] allow incoming UDP traffic on the configured ports.

## Aggregation

The Datadog Agent automatically aggregates the data received into NetFlow to limit the number of records sent to the platform while maintaining most of the information. By default, flow recordings that have the same identifiers, such as `source`, `destination address`, `port`, and `protocol`, are aggregated together in five minute intervals. Additionally, the Datadog Agent can detect ephemeral ports and remove them. As a result, you may see Flows with `port:*`.
Expand Down Expand Up @@ -87,7 +89,7 @@ Enable Reverse DNS private IP enrichment to perform DNS lookups for hostnames as

By [default][7], the Reverse DNS IP enrichment in your `datadog.yaml` file is disabled. To enable, see the [Configuration](#configuration) section of this page.

Search for **DNS** in the Flow grouping of the facets section to locate flows associated with Reverse DNS IP enrichment:
Search for **DNS** in the Flow grouping of the facets section to locate flows associated with Reverse DNS IP enrichment:

{{< img src="network_device_monitoring/netflow/dns_ip_enrichment.png" alt="Screenshot of the reverse DNS destination and source facets" width="100%" >}}

Expand Down Expand Up @@ -283,3 +285,4 @@ Use the `netstat -s` command to see if there are any dropped UDP packets:
[6]: /monitors/types/netflow/
[7]: https://github.com/DataDog/datadog-agent/blob/f6ae461a7d22aaf398de5a94d9330694d69560d6/pkg/config/config_template.yaml#L4201
[8]: https://github.com/DataDog/datadog-agent/blob/f6ae461a7d22aaf398de5a94d9330694d69560d6/pkg/config/config_template.yaml#L4203-L4275
[9]: /network_monitoring/devices/troubleshooting#traps-or-flows-not-being-received-at-all
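Review bot: `[9]` has the same trailing-slash inconsistency as the matching link added to snmp_traps.md: the other internal links in this list end the path with `/` before the fragment (`[6]: /monitors/types/netflow/`), so write `/network_monitoring/devices/troubleshooting/#traps-or-flows-not-being-received-at-all`. Since this anchor is now hard-coded in two files, any later rename of the `### Traps or Flows not being received at all` heading must update both.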