Unable to poll interface data using SNMP after upgrading to PAN-OS 8.0.14 or 8.1.5

Unable to poll interface data using SNMP after upgrading to PAN-OS 8.0.14 or 8.1.5

17429
Created On 02/25/19 09:45 AM - Last Modified 06/21/19 20:44 PM


Symptom


  • Palo Alto Network Firewall interfaces are being monitored using SNMP for plotting traffic pattern.
  • Upgraded PAN-OS to 8.0.14 or 8.1.5.
  • Monitoring tool reports no traffic on the interfaces.
  • Output of >show interface ethernetx/x shows the rx/tx counters incrementing

Environment


  • The monitoring tool has been configured to poll the Palo Alto Networks Firewall using SNMP.
  • OID configured on the monitoring tool is .1.3.6.1.2.1.2.2.1.
  • The monitoring tool considers the following values returned by the Firewall :-
    • IF-MIB::ifInOctets.1
    • IF-MIB::ifOutOctets.1

Cause


  • After the upgrade, the 32 bit counters report a value of 0 even when the >show interface ethernetx/x shows the correct values.
IF-MIB::ifOutOctets.1 = Counter32: 0
IF-MIB::ifOutOctets.2 = Counter32: 0
IF-MIB::ifOutOctets.3 = Counter32: 392624548
IF-MIB::ifOutOctets.4 = Counter32: 0
IF-MIB::ifOutOctets.5 = Counter32: 0
IF-MIB::ifOutOctets.6 = Counter32: 0
IF-MIB::ifOutOctets.7 = Counter32: 0
IF-MIB::ifOutOctets.8 = Counter32: 0
IF-MIB::ifOutOctets.9 = Counter32: 0
IF-MIB::ifOutOctets.10 = Counter32: 0
IF-MIB::ifOutOctets.11 = Counter32: 0
IF-MIB::ifOutOctets.12 = Counter32: 0
 
  • After the upgrade, the Palo Alto Networks Firewall uses 64 bit counters to respond with the rx/tx interface counters.
  • 64 bit counters can hold a bigger numeric value compared to the 32 bit counters which get rolled over faster.
  • These are the correct non-zero values which are seen on the interface as well.
IF-MIB::ifHCOutOctets.1 = Counter64: 0
IF-MIB::ifHCOutOctets.2 = Counter64: 0
IF-MIB::ifHCOutOctets.3 = Counter64: 392624548
IF-MIB::ifHCOutOctets.4 = Counter64: 3111114
IF-MIB::ifHCOutOctets.5 = Counter64: 336
IF-MIB::ifHCOutOctets.6 = Counter64: 0
IF-MIB::ifHCOutOctets.7 = Counter64: 0
IF-MIB::ifHCOutOctets.8 = Counter64: 0
IF-MIB::ifHCOutOctets.9 = Counter64: 0
IF-MIB::ifHCOutOctets.10 = Counter64: 0
IF-MIB::ifHCOutOctets.11 = Counter64: 0
IF-MIB::ifHCOutOctets.12 = Counter64: 0

 

 

Resolution


  • Using the following OID returns the correct values using 64 bit counters :-

.1.3.6.1.2.1.31.1.1.1
Other users also viewed:
Actions
  • Print
  • Copy Link

    https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000boBT&refURL=http%3A%2F%2Fknowledgebase.paloaltonetworks.com%2FKCSArticleDetail