How to Configure SNMPv3 Polling

Steps

Configure SNMPv3:

1. From the WebGUI, go to Device > Setup > Operations > Miscellaneous > SNMP Setup.
   
2. Give it a Physical Location name and Select Version "V3"
   
   
3. A view needs to be configured and assigned to a user; this view will allow access to all possible OIDs. For this example, a view called "testviewsetup"
   

    

4. Here we will create and assign the user "test", with the password set as "paloalto" that will be using this view. (Note: Spaces are not allowed in the view name, and the user must be a firewall administrator.)
   
5. Commit the configuration.

Poll the device from a Linux workstation:

• To perform an SNMPGET, run the command:

  root@linux2:~# snmpget -v 3 -u [username] -l authPriv -a SHA -A [auth password]-x AES -X [priv password] [IP address] .1.3.6.1.2.1.1.1.0

   

  Response:

  iso.3.6.1.2.1.1.1.0 = STRING: "Palo Alto Networks PA-500 series firewall"

   

  Note: PAN-OS 5.0 and 6.0 all use Secure Hash Algorithm (SHA-1 160) for Auth Password and Advanced Encryption Standard (AES 128) for Priv Password.

• To perform an SNMPWALK, run the command:

  root@linux2:~# snmpwalk -v 3 -u [username] -l authPriv -a SHA -A [auth password] -x AES -X [priv password] [IP address]

   

  Response:

  iso.3.6.1.2.1.1.1.0 = STRING: "Palo Alto Networks PA-500 series firewall"

  iso.3.6.1.2.1.1.2.0 = OID: iso.3.6.1.4.1.25461.2.3.6

  iso.3.6.1.2.1.1.3.0 = Timeticks: (1235369) 3:25:53.69

  iso.3.6.1.2.1.1.4.0 = STRING: "Not Set"

  iso.3.6.1.2.1.1.5.0 = STRING: "PA500-wtam"

  iso.3.6.1.2.1.1.6.0 = STRING: "Unknown"

  iso.3.6.1.2.1.1.8.0 = Timeticks: (5) 0:00:00.05

  (output truncated)

Engine ID is not required for polling purposes. However, for sending Traps, an engine ID needs to be configured under SNMP Trap Server profile. For more information, reference the following document:

How to Configure Sending SNMPv3 Traps on PAN-OS 5.0.x and above