How to Configure SNMPv3 Polling
Resolution
Steps
Configure SNMPv3:
- From the WebGUI go to Device > Setup > Operations > SNMP Setup.
- Select Version V3
- A view needs to be configured and assigned to a user.
- For this example, a view called "testviewsetup: is created and assigned to user "test", with the password set as "paloalto".
Note: Spaces are not allowed in the view name and the user must be a firewall administrator.
- Create the view as shown in the following screenshot to allow this view to access all possible OIDs.
- Create the user account using this view.
- Commit the configuration.
Poll the device from a Linux workstation:
- To perform an SNMPGET, run the command:
root@linux2:~# snmpget -v 3 -u [username] -l authPriv -a SHA -A [auth password]-x AES -X [priv password] [IP address] .1.3.6.1.2.1.1.1.0
Response:
iso.3.6.1.2.1.1.1.0 = STRING: "Palo Alto Networks PA-500 series firewall"
Note: PAN-OS 5.0 and 6.0 all use Secure Hash Algorithm (SHA-1 160) for Auth Password and Advanced Encryption Standard (AES 128) for Priv Password.
- To perform an SNMPWALK, run the command:
root@linux2:~# snmpwalk -v 3 -u [username] -l authPriv -a SHA -A [auth password] -x AES -X [priv password] [IP address]
Response:
iso.3.6.1.2.1.1.1.0 = STRING: "Palo Alto Networks PA-500 series firewall"
iso.3.6.1.2.1.1.2.0 = OID: iso.3.6.1.4.1.25461.2.3.6
iso.3.6.1.2.1.1.3.0 = Timeticks: (1235369) 3:25:53.69
iso.3.6.1.2.1.1.4.0 = STRING: "Not Set"
iso.3.6.1.2.1.1.5.0 = STRING: "PA500-wtam"
iso.3.6.1.2.1.1.6.0 = STRING: "Unknown"
iso.3.6.1.2.1.1.8.0 = Timeticks: (5) 0:00:00.05
(output truncated)
Engine ID is not required for polling purposes. However for sending Traps, an engine ID needs to be configured under SNMP Trap Server profile. For more information reference the following document:
How to Configure Sending SNMPv3 Traps on PAN-OS 5.0.x and above
owner: achitwadgi