I was surprised, too. many ISPs block port 161 for residential users, aiming to prevent misconfigured routers amplify DDoS attacks. However, it is not always possible to have a dedicated link without locks, so it is necessary to change the snmp port. with other vendors and Linux for example, I can easily change the snmp port to a high port (example: 15061), but in Mikrotik, it has no option to change the snmp port. I had to use the rule above, which is a lousy taste alternative.
I also have cloud monitoring, and some clouds block port 161 as well. and it is complex to request the release of that UDP port. for this and other reasons is a necessary feature in an upcoming version of ROS.
in general monitoring systems such as Zabbix, Librenms, PRTG allow configuration of SNMP’s distinctive listening ports easily. only Mikrotik is missing this feature.
I agree, i have a handful of locations where the ISP blocks udp 161. It would be nice if we could change this in the winbox interface directly. but do keep in mind you can accomplish this same thing via a NAT rule (depending upon your setup/layout). here is what im using for a MT that has a public ip dirct from ISP:
add action=dst-nat chain=dstnat comment=\
"redirect THIS MTs SNMP bc xxx seems to be blocking udp 161 - jul 11 2018" dst-address=my.pub.ip.here \
dst-port=1610 protocol=udp src-address-list=adminIPs to-addresses=10.7.20.1 to-ports=161