HOW TO CONFIGURE SNMPV3 ON THE PALO ALTO NETWORKS FIREWALL

Created On 05/02/22 10:21 AM - Last Modified 10/06/22 22:28 PM


Objective


This document explains how to configure SNMPv3 on the Palo Alto Networks firewall. Begin by configuring the SNMP trap server profile, then set up SNMP.

Environment


  • Palo Alto Firewall or Panorama
  • PAN-OS 9.1 and above


Procedure


Begin by configuring the SNMP trap server profile.

  1. Go to Device > Server Profiles.
  2. Click SNMP Trap.
  3. Click the Add button to add a server and choose the version.
  4. For V3, the following fields need to be filled in:
    1. Name:  Specify a name for the SNMP manager (up to 31 characters).
    2. Manager:  Specify the IP address of the trap destination.
    3. User:  Specify a username to identify the SNMP user account (up to 31 characters).
    4. EngineID:  Specify the engine ID of the firewall (used to identify the firewall, or leave blank and the firewall's serial number will be used).
    5. Authentication Password:  Type and confirm the authentication password. The password must be between 8 and 256 characters long. All characters are allowed.
    6. Privacy Password:  Type and confirm the privacy password. The password must be between 8 and 256 characters long. All characters are allowed.
    7. Authentication Protocol:  Specify the authentication protocol. The firewall uses the secure hash algorithm to encrypt the password.
    8. Privacy Protocol:  Specify the privacy protocol. The firewall uses the password and Advanced Encryption Standard 128 (AES-128) to encrypt SNMP traps and responses to statistics requests.
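
Why the EngineID and the two passwords above must match on the SNMP manager, as an added example that is not part of the original article or Palo Alto Networks code: under the SNMPv3 User-based Security Model (RFC 3414, with RFC 3826 for AES-128), each password is hashed into a key that is bound to the sender's engine ID. It assumes SHA-1 as the authentication protocol; the engine IDs, passwords, and message bytes are constructed sample values.

```python
import hashlib
import hmac

def password_to_key(password: str, hash_name: str = "sha1") -> bytes:
    """RFC 3414 A.2: hash the first 1 MiB of the endlessly repeated password."""
    pw = password.encode()
    if len(pw) < 8:
        raise ValueError("password must be at least 8 characters")
    reps, rem = divmod(1048576, len(pw))
    return hashlib.new(hash_name, pw * reps + pw[:rem]).digest()

def localized_key(password: str, engine_id: bytes, hash_name: str = "sha1") -> bytes:
    """Bind the user key Ku to one SNMP engine: Kul = H(Ku || engineID || Ku)."""
    ku = password_to_key(password, hash_name)
    return hashlib.new(hash_name, ku + engine_id + ku).digest()

def aes128_privacy_key(priv_password: str, engine_id: bytes) -> bytes:
    """RFC 3826: the AES-128 key is the first 16 bytes of the localized key."""
    return localized_key(priv_password, engine_id)[:16]

def auth_tag(auth_password: str, engine_id: bytes, message: bytes) -> bytes:
    """HMAC-SHA-96: HMAC-SHA1 under the localized key, truncated to 12 bytes."""
    key = localized_key(auth_password, engine_id)
    return hmac.new(key, message, hashlib.sha1).digest()[:12]

def manager_accepts(auth_password: str, engine_id: bytes,
                    message: bytes, tag: bytes) -> bool:
    """Trap receiver side: recompute the tag from the manager's own settings."""
    expected = auth_tag(auth_password, engine_id, message)
    return hmac.compare_digest(expected, tag)

if __name__ == "__main__":
    # Constructed sample values, not taken from any real device.
    fw_engine = bytes.fromhex("0102030405060708090a0b0c")
    other_engine = bytes.fromhex("0102030405060708090a0b0d")
    msg = b"constructed stand-in for an encoded SNMPv3 trap"
    tag = auth_tag("Auth-Passw0rd!", fw_engine, msg)

    print("same engine ID, same password :",
          manager_accepts("Auth-Passw0rd!", fw_engine, msg, tag))
    print("manager has wrong engine ID   :",
          manager_accepts("Auth-Passw0rd!", other_engine, msg, tag))
    print("manager has wrong password    :",
          manager_accepts("Auth-Passw0rd?", fw_engine, msg, tag))
    print("AES-128 key length (bytes)    :",
          len(aes128_privacy_key("Priv-Passw0rd!", fw_engine)))
```

Because a blank EngineID falls back to the firewall's serial number, the user entry on the manager has to carry that same engine ID for trap authentication and decryption to succeed.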
 


SNMP Setup

  1. Go to Device > Setup > Operations > SNMP Setup.
  2. When the SNMP setup appears, enter the following criteria:
    1. Physical Location:  Specify the physical location of the firewall.
    2. Contact:  Enter the name or email address of the person responsible for maintaining the firewall. (This setting is reported in the standard system information MIB.)
    3. Use Event-Specific Trap Definitions:  Check the box to use a unique OID for each SNMP trap based on the event type.
    4. Version:  Select the SNMP version (V2c or V3). This setting controls access to the MIB information.
For V3, configure the following settings:

In the View section, click Add. Enter a name for the group, then configure the following for each view you add to the group:
  • View:  Specify a name for the view. The name can have up to 31 characters, which can be alphanumeric characters, periods, underscores, or hyphens.
  • OID:  Specify the OID of the MIB.
  • Option:  Select the matching logic to apply to the MIB.
  • Mask:  Specify the mask in hexadecimal format.
 
In the User section, click Add. Enter a name for the user, then configure the following fields for each view you add to the group:
  • User name:  Specify a username to identify the SNMP user account. The username you configured on the firewall must match the username configured on the SNMP manager. The username can have up to 31 characters.
  • View:  Assign a group of views to the user.
  • Authentication password:  Type and confirm the authentication password. The password must be between 8 and 256 characters long. All characters are allowed.
  • Privacy password:  Type and confirm the privacy password. The password must be between 8 and 256 characters long. All characters are allowed.
  • Authentication protocol:  Specify the authentication profile. The firewall uses the secure hash algorithm to encrypt the password.
  • Privacy protocol:  Specify the privacy protocol. The firewall uses the password and advanced encryption standard to encrypt SNMP traps and responses to statistics requests.
 
  3. Enable the SNMP service on the management interface:
    1. Go to the Device tab and then Setup.
    2. Click Management.
    3. Click the Management Interface Settings button.
    4. Check the SNMP box.
 
Note: If using an interface apart from Management, please make sure that the Interface Management profile associated with the Interface has SNMP enabled.
 
  4. Commit the changes to see the traps being sent to the SNMP server from the management port.


Additional Information


HOW TO CONFIGURE SNMPV2 ON THE PALO ALTO NETWORKS FIREWALL
 

