>
    Supported MIBs
    Focus
    Download PDF
    Focus
    1. Home
    2. Next-Generation Firewall
    3. Monitoring
    4. SNMP Monitoring and Traps
    5. Supported MIBs
    Download PDF
    Next-Generation Firewall

    Supported MIBs

    Table of Contents

    Supported MIBs

    Where Can I Use This?What Do I Need?
    • NGFW (Managed by PAN-OS or Panorama)
    • Support license
    • (Panorama) Device management license
    The following table lists the Simple Network Management Protocol (SNMP) management information bases (MIBs) that Palo Alto Networks firewalls, Panorama, and WF-500 appliances support. You must load these MIBs into your SNMP manager to monitor the objects (system statistics and traps) that are defined in the MIBs. For details, see Use an SNMP Manager to Explore MIBs and Objects.
    MIB Type
    Supported MIBs
    Standard—The Internet Engineering Task Force (IETF) maintains most standard MIBs. You can download the MIBs from the IETF website.
    Palo Alto Networks firewalls, Panorama, and WF-500 appliances don’t support every object (OID) in every one of these MIBs. See the Supported MIBs links for an overview of the supported OIDs.
    MIB-II
    IF-MIB
    HOST-RESOURCES-MIB
    ENTITY-MIB
    ENTITY-SENSOR-MIB
    ENTITY-STATE-MIB
    IEEE 802.3 LAG MIB
    LLDP-V2-MIB.my
    BFD-STD-MIB
    IP-MIB
    Enterprise—You can download the enterprise MIBs from the Palo Alto Networks Technical Documentation portal.
    PAN-COMMON-MIB.my
    PAN-GLOBAL-REG-MIB.my
    PAN-GLOBAL-TC-MIB.my
    PAN-LC-MIB.my
    PAN-PRODUCT-MIB.my
    PAN-ENTITY-EXT-MIB.my
    PAN-TRAPS.my

    MIB-II

    MIB-II provides object identifiers (OIDs) for network management protocols in TCP/IP-based networks. Use this MIB to monitor general information about systems and interfaces. For example, you can analyze trends in bandwidth usage by interface type (ifType object) to determine if the firewall needs more interfaces of that type to accommodate spikes in traffic volume.
    Palo Alto Networks firewalls, Panorama, and WF-500 appliances support only the following object groups:
    Object Group
    Description
    system
    Provides system information such as the hardware model, system uptime, FQDN, and physical location.
    interfaces
    Provides statistics for physical and logical interfaces such as type, current bandwidth (speed), operational status (for example, up or down), and discarded packets. Logical interface support includes VPN tunnels, aggregate groups, Layer 2 subinterfaces, Layer 3 subinterfaces, loopback interfaces, and VLAN interfaces.
    RFC 1213 defines this MIB.

    IF-MIB

    IF-MIB supports interface types (physical and logical) and larger counters (64K) beyond those defined in MIB-II. Use this MIB to monitor interface statistics in addition to those that MIB-II provides. For example, to monitor the current bandwidth of high-speed interfaces (greater than 2.2Gps) such as the 10G interfaces of the PA-5200 Series firewalls, you must check the ifHighSpeed object in IF-MIB instead of the ifSpeed object in MIB-II. IF-MIB statistics can be useful when evaluating the capacity of your network.
    Palo Alto Networks firewalls, Panorama, and WF-500 appliances support only the ifXTable in IF-MIB, which provides interface information such as the number of multicast and broadcast packets transmitted and received, whether an interface is in promiscuous mode, and whether an interface has a physical connector.
    RFC 2863 defines this MIB.

    HOST-RESOURCES-MIB

    HOST-RESOURCES-MIB provides information for host computer resources. Use this MIB to monitor CPU and memory usage statistics. For example, checking the current CPU load (hrProcessorLoad object) can help you troubleshoot performance issues on the firewall.
    Palo Alto Networks firewalls, Panorama, and WF-500 appliances support portions of the following object groups:
    Object Group
    Description
    hrDevice
    Provides information such as CPU load, storage capacity, and partition size. The hrProcessorLoad OIDs provide an average of the cores that process packets.
    For the PA-7000 and PA-5200 Series firewalls, which have multiple dataplanes (DPs), you can monitor individual dataplane processor utilization. Set alerts when utilization reaches a specific threshold for each DP processor to avoid service availability issues.
    hrSystem
    Provides information such as system uptime, number of current user sessions, and number of current processes.
    hrStorage
    Provides information such as the amount of used storage.
    RFC 2790 defines this MIB.

    ENTITY-MIB

    ENTITY-MIB provides OIDs for multiple logical and physical components. Use this MIB to determine what physical components are loaded on a system (for example, fans and temperature sensors) and see related information such as models and serial numbers. You can also use the index numbers for these components to determine their operational status in the ENTITY-SENSOR-MIB and ENTITY-STATE-MIB.
    Palo Alto Networks firewalls, Panorama, and WF-500 appliances support only portions of the entPhysicalTable group:
    Object
    Description
    entPhysicalIndex
    A single namespace that includes disk slots and disk drives.
    entPhysicalDescr
    The component description.
    entPhysicalVendorType
    The sysObjectID (see PAN-PRODUCT-MIB.my) when it is available (chassis and module objects).
    entPhysicalContainedIn
    The value of entPhysicalIndex for the component that contains this component.
    entPhysicalClass
    Chassis (3), container (5) for a slot, power supply (6), fan (7), sensor (8) for each temperature or other environmental, and module (9) for each line card.
    entPhysicalParentRelPos
    The relative position of this child component among its sibling components. Sibling components are defined as entPhysicalEntry components that share the same instance values of each of the entPhysicalContainedIn and entPhysicalClass objects.
    entPhysicalName
    Supported only if the management (MGT) interface allows for naming the line card.
    entPhysicalHardwareRev
    The vendor-specific hardware revision of the component.
    entPhysicalFirwareRev
    The vendor-specific firmware revision of the component.
    entPhysicalSoftwareRev
    The vendor-specific software revision of the component.
    entPhysicalSerialNum
    The vendor-specific serial number of the component.
    entPhysicalMfgName
    The name of the manufacturer of the component.
    entPhysicalMfgDate
    The date when the component was manufactured.
    entPhysicalModelName
    The disk model number.
    entPhysicalAlias
    An alias that the network manager specified for the component.
    entPhysicalAssetID
    A user-assigned asset tracking identifier that the network manager specified for the component.
    entPhysicalIsFRU
    Indicates whether the component is a field replaceable unit (FRU).
    entPhysicalUris
    The Common Language Equipment Identifier (CLEI) number of the component (for example, URN:CLEI:CNME120ARA).
    RFC 4133 defines this MIB.

    ENTITY-SENSOR-MIB

    ENTITY-SENSOR-MIB adds support for physical sensors of networking equipment beyond what ENTITY-MIB defines. Use this MIB in tandem with the ENTITY-MIB to monitor the operational status of the physical components of a system (for example, fans and temperature sensors). For example, to troubleshoot issues that might result from environmental conditions, you can map the entity indexes from the ENTITY-MIB (entPhysicalDescr object) to operational status values (entPhysSensorOperStatus object) in the ENTITY-SENSOR-MIB. In the following example, all the fans and temperature sensors for a PA-3020 firewall are working:
    The same OID might refer to different sensors on different platforms. Use the ENTITY-MIB for the targeted platform to match the value to the description.
    Palo Alto Networks firewalls, Panorama, and WF-500 appliances support only portions of the entPhySensorTable group. The supported portions vary by platform and include only thermal (temperature in Celsius) and fan (in RPM) sensors.
    RFC 3433 defines the ENTITY-SENSOR-MIB.

    ENTITY-STATE-MIB

    ENTITY-STATE-MIB provides information about the state of physical components beyond what ENTITY-MIB defines, including the administrative and operational state of components in chassis-based platforms. Use this MIB in tandem with the ENTITY-MIB to monitor the operational state of the components of a PA-7000 Series or PA-5450 firewall (for example, line cards, fan trays, and power supplies). For example, to troubleshoot log forwarding issues for Threat logs, you can map the log processing card (LPC) indexes from the ENTITY-MIB (entPhysicalDescr object) to operational state values (entStateOper object) in the ENTITY-STATE-MIB. The operational state values use numbers to indicate state: 1 for unknown, 2 for disabled, 3 for enabled, and 4 for testing. The PA-7000 Series and PA-5450 firewall are the only Palo Alto Networks firewalls that support this MIB.
    RFC 4268 defines the ENTITY-STATE-MIB.

    IEEE 802.3 LAG MIB

    Use the IEEE 802.3 LAG MIB to monitor the status of aggregate groups that have Link Aggregation Control Protocol (LACP in an Aggregate Interface Group) enabled. When the firewall logs LACP events, it also generates traps that are useful for troubleshooting. For example, the traps can tell you whether traffic interruptions between the firewall and an LACP peer resulted from lost connectivity or from mismatched interface speed and duplex values.
    PAN-OS implements the following SNMP tables for LACP.
    The dot3adTablesLastChanged object indicates the time of the most recent change to dot3adAggTable, dot3adAggPortListTable, and dot3adAggPortTable.
    Table
    Description
    Aggregator Configuration Table (dot3adAggTable)
    This table contains information about every aggregate group that is associated with a firewall. Each aggregate group has one entry.
    Some table objects have restrictions, which the dot3adAggIndex object describes. This index is the unique identifier that the local system assigns to the aggregate group. It identifies an aggregate group instance among the subordinate managed objects of the containing object. The identifier is read-only.
    The ifTable MIB (a list of interface entries) does not support logical interfaces and therefore does not have an entry for the aggregate group.
    Aggregation Port List Table (dot3adAggPortListTable)
    This table lists the ports associated with each aggregate group in a firewall. Each aggregate group has one entry.
    The dot3adAggPortListPorts attribute lists the complete set of ports associated with an aggregate group. Each bit set in the list represents a port member. For non-chassis platforms, this is a 64-bit value. For chassis platforms, the value is an array of eight 64-bit entries.
    Aggregation Port Table (dot3adAggPortTable)
    This table contains LACP configuration information about every port associated with an aggregate group in a firewall. Each port has one entry. The table has no entries for ports that are not associated with an aggregate group.
    LACP Statistics Table (dot3adAggPortStatsTable)
    This table contains link aggregation information about every port associated with an aggregate group in a firewall. Each port has one row. The table has no entries for ports that are not associated with an aggregate group.
    The IEEE 802.3 LAG MIB includes the following LACP-related traps:
    Trap Name
    Description
    panLACPLostConnectivityTrap
    The peer lost connectivity to the firewall.
    panLACPUnresponsiveTrap
    The peer does not respond to the firewall.
    panLACPNegoFailTrap
    LACP negotiation with the peer failed.
    panLACPSpeedDuplexTrap
    The link speed and duplex settings on the firewall and peer do not match.
    panLACPLinkDownTrap
    An interface in the aggregate group is down.
    panLACPLacpDownTrap
    An interface was removed from the aggregate group.
    panLACPLacpUpTrap
    An interface was added to the aggregate group.
    For the MIB definitions, refer to IEEE 802.3 LAG MIB.

    LLDP-V2-MIB.my

    Use the LLDP-V2-MIB to monitor Link Layer Discovery Protocol (LLDP) events. For example, you can check the lldpV2StatsRxPortFramesDiscardedTotal object to see the number of LLDP frames that were discarded for any reason. The Palo Alto Networks firewall uses LLDP to discover neighboring devices and their capabilities. LLDP makes troubleshooting easier, especially for virtual wire deployments where the ping or traceroute utilities won’t detect the firewall.
    Palo Alto Networks firewalls support all the LLDP-V2-MIB objects except:
    • The following lldpV2Statistics objects:
      • lldpV2StatsRemTablesLastChangeTime
      • lldpV2StatsRemTablesInserts
      • lldpV2StatsRemTablesDeletes
      • lldpV2StatsRemTablesDrops
      • lldpV2StatsRemTablesAgeouts
    • The following lldpV2RemoteSystemsData objects:
      • The lldpV2RemOrgDefInfoTable table
      • In the lldpV2RemTable table: lldpV2RemTimeMark
    RFC 4957 defines this MIB.

    IP-MIB

    (PAN-OS 11.1 and later versions)
    IP-MIB provides information about the general IP stack in both IPv4 and IPv6. Use this MIB to monitor IP addresses of interfaces.
    Palo Alto Networks firewalls, Panorama, and WF-500 appliances currently support only the ipAddressTable and ipAddrTable in IP-MIB.
    • The ipAddressTable lists the IPv4 and IPv6 addresses used by an entity, along with basic history for when the address was created and updated.
    • The ipAddrTable lists the IPv4 addresses used by an entity. This table has been replaced by the ipAddressTable, but is provided for support purposes.
    RFC 4293 defines this MIB.

    PAN-COMMON-MIB.my

    Use the PAN-COMMON-MIB to monitor the following information for Palo Alto Networks firewalls, Panorama, and WF-500 appliances:
    Object Group
    Description
    panSys
    Contains such objects as system software/hardware versions, dynamic content versions, serial number, HA mode/state, and global counters.
    The global counters include those related to Denial of Service (DoS), IP fragmentation, TCP state, and dropped packets. Tracking these counters enables you to monitor traffic irregularities that result from DoS attacks, system or connection faults, or resource limitations. PAN-COMMON-MIB supports global counters for firewalls but not for Panorama.
    panChassis
    Chassis type and M-Series appliance mode (Panorama or Log Collector).
    panSession
    Session utilization information. For example, the total number of active sessions on the firewall or a specific virtual system.
    panMgmt
    Status of the connection from the firewall to the Panorama management server.
    panGlobalProtect
    GlobalProtect gateway utilization as a percentage, maximum tunnels allowed, and number of active tunnels.
    panLogCollector
    Logging statistics for each Log Collector, including logging rate, log quotas, disk usage, retention periods, log redundancy (enabled or disabled), the forwarding status from firewalls to Log Collectors, the forwarding status from Log Collectors to external services, and the status of firewall-to-Log Collector connections.
    panDeviceLogging
    Logging statistics for each firewall, including logging rate, disk usage, retention periods, the forwarding status from individual firewalls to Panorama and external servers, and the status of firewall-to-Log Collector connections.
    panHrStorageEntry
    (PAN-OS 11.2.3 and later) Buffer and descriptor utilization by percentage for PAN-OS firewalls and appliances. Support for on-chip descriptor utilization by percentage for Octeon or sw-tag for x86.

    PAN-GLOBAL-REG-MIB.my

    PAN-GLOBAL-REG-MIB.my contains global, top-level OID definitions for various sub-trees of Palo Alto Networks enterprise MIB modules. This MIB doesn’t contain objects for you to monitor; it is required only for referencing by other MIBs.

    PAN-GLOBAL-TC-MIB.my

    PAN-GLOBAL-TC-MIB.my defines conventions (for example, character length and allowed characters) for the text values of objects in Palo Alto Networks enterprise MIB modules. All Palo Alto Networks products use these conventions. This MIB doesn’t contain objects for you to monitor; it is required only for referencing by other MIBs.

    PAN-LC-MIB.my

    PAN-LC-MIB.my contains definitions of managed objects that Log Collectors (M-Series appliances in Log Collector mode) implement. Use this MIB to monitor the logging rate, log database storage duration (in days), and disk usage (in MB) of each logical disk (up to four) on a Log Collector. For example, you can use this information to determine whether you should add more Log Collectors or forward logs to an external server (for example, a syslog server) for archiving.

    PAN-PRODUCT-MIB.my

    PAN-PRODUCT-MIB.my defines sysObjectID OIDs for all Palo Alto Networks products. This MIB doesn’t contain objects for you to monitor; it is required only for referencing by other MIBs.

    PAN-ENTITY-EXT-MIB.my

    Use PAN-ENTITY-EXT-MIB.my in tandem with the ENTITY-MIB to monitor power usage for the physical components of a PA-7000 Series or PA-5450 firewall (for example, fan trays, and power supplies), which are the only two Palo Alto Networks firewalls that support this MIB. For example, when troubleshooting log forwarding issues, you might want to check the power usage of the log processing cards (LPCs): you can map the LPC indexes from the ENTITY-MIB (entPhysicalDescr object) to values in the PAN-ENTITY-EXT-MIB (panEntryFRUModelPowerUsed object).

    PAN-TRAPS.my

    Use PAN-ENTITY-EXT-MIB.my in tandem with the ENTITY-MIB to monitor power usage for the physical components of a PA-7000 Series or PA-5450 firewall (for example, fan trays, and power supplies), which are the only two Palo Alto Networks firewalls that support this MIB. For example, when troubleshooting log forwarding issues, you might want to check the power usage of the log processing cards (LPCs): you can map the LPC indexes from the ENTITY-MIB (entPhysicalDescr object) to values in the PAN-ENTITY-EXT-MIB (panEntryFRUModelPowerUsed object).

    © 2025 Palo Alto Networks, Inc. All rights reserved.