Enabling SNMP monitoring on the non-mgmt interface of the firewall when IPv6 is used
Created On 01/07/21 13:48 PM - Last Modified 06/16/23 12:00 PM
Symptom
The non-management interface does not respond to SNMP queries from an SNMP manager/server.
Cause
This is a current design limitation of the IPv6 communication between the Data Plane and the Management Plane. All host-based SNMP packets arriving on the non-management interface on the Data Plane need to be routed to the Management Plane, where the "snmpd" process is running.
Resolution
In order to enable SNMP monitoring on the non-management interface of the firewall, it is necessary to configure an interface "Management Profile" with SNMP service enabled, and attach that profile to the necessary interface.
If an IPv6 address is configured on the interface, it is also necessary to configure a destination service route for the IP address of the SNMP manager/server, using the non-management interface as the source interface. The following CLI commands can be run to apply the necessary configuration.
> configure
# set deviceconfig system route destination IPv6_ADDRESS_OF_THE_SNMP_SERVER source interface SOURCE_INTERFACE_NAME
# set deviceconfig system route destination IPv6_ADDRESS_OF_THE_SNMP_SERVER source address IPv6_ADDRESS_OF_THE_INTERFACE
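An added example, not part of the original article or any vendor tooling: a Python check that reads configuration lines in the set-command form shown above and reports whether the destination service route for a given SNMP manager has both the source interface and the source address. It assumes both lines are required (the article lists both), that the source address may carry a /prefix length, and uses constructed sample lines with documentation addresses and hypothetical interface names.

```python
import ipaddress
import re

# Matches the two set-command forms shown in this article.
ROUTE_RE = re.compile(
    r"^set deviceconfig system route destination (\S+) source (interface|address) (\S+)$"
)

def audit_snmp_service_route(config_lines, snmp_manager):
    """Return a list of findings; an empty list means the route is complete."""
    manager = ipaddress.ip_address(snmp_manager)
    if manager.version != 6:
        return [f"{snmp_manager} is not an IPv6 address"]
    found = {}
    for line in config_lines:
        m = ROUTE_RE.match(line.strip())
        if not m:
            continue
        try:
            dest = ipaddress.ip_address(m.group(1))
        except ValueError:
            continue
        # Compare parsed addresses so 2001:db8:0:0::10 matches 2001:db8::10.
        if dest == manager:
            found[m.group(2)] = m.group(3)
    findings = []
    if "interface" not in found:
        findings.append("no source interface set for the SNMP manager")
    if "address" not in found:
        findings.append("no source address set for the SNMP manager")
    else:
        try:
            # Assumption: the configured value may carry a /prefix length.
            src = ipaddress.ip_interface(found["address"])
            if src.version != 6:
                findings.append(f"source address {found['address']} is not IPv6")
        except ValueError:
            findings.append(f"source address {found['address']} is not a valid IP address")
    return findings

# Constructed sample (documentation prefix 2001:db8::/32, hypothetical interface names).
SAMPLE = [
    "set deviceconfig system route destination 2001:db8:0:0::10 source interface ethernet1/1",
    "set deviceconfig system route destination 2001:db8::10 source address 2001:db8:1::1/64",
    "set deviceconfig system route destination 2001:db8::20 source interface ethernet1/2",
]

if __name__ == "__main__":
    for mgr in ("2001:db8::10", "2001:db8::20"):
        print(mgr, audit_snmp_service_route(SAMPLE, mgr) or "OK")
```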