How to Configure SNMPv2 on the Palo Alto Networks Firewall
352901
Created On 09/25/18 17:39 PM - Last Modified 06/08/23 08:58 AM
Resolution
Overview
This document explains how to configure SNMPv2 on the Palo Alto Networks firewall.
Steps
- Begin by configuring the SNMP trap server profile.
- Go to Device > Server Profiles
- Click the SNMP Trap link
- Click the Add button to add a server and choose the version
- The following fields need to be filled in:
Server: SNMPtrap destination name (up to 31 characters).
Manager: Specify the IP address of the trap destination.
Community: Specify the community string required to send traps to the specified destination (default is public).
- Go to Setup under the Device.
- In the lower right corner, click SNMP Setup.
- In the lower right corner, click SNMP Setup.
- When the SNMP setup appears, enter the following criteria:
- Physical: Location Specify the physical location of the firewall.
Exp. Santa Clara - Contact: Enter the name or email address of the person responsible for maintaining the firewall.
This setting is reported in the standard system information MIB - Use Event-Specific Trap Definitions: Check the box to use a unique OID for each SNMP trap based on the event type.
(Default is selected) - Version: Select the SNMP version (V2c or V3). This setting controls access to the MIB information.
By default, V2c is selected with the “public” community string.
For V2c, configure the following setting:
SNMP Community String: Enter the SNMP community string for firewall access (default is Public).
- Physical: Location Specify the physical location of the firewall.
- Configure log forwarding:
- Click on the Device tab and open up the Log Settings folder. Choose the log from which to send traps.
- Choose the log severity to trap
- When the severity window appears, use the drop down menu to choose the SNMP server profile to send the traps
- Enable SNMP service on management interface:
- Go to the Device tab and then Setup
- Click the Management Link
- Click the Management Interface Settings button
- Check the SNMP box
Note: If using an interface apart from Management, please make sure that the Interface Management profile associated with the Interface has SNMP enabled.
- Commit the changes to see the traps being sent to the SNMP server from the management port.
owner: nayubi