You can use an SNMP manager to monitor event-driven alerts and operational statistics for
the firewall, Panorama, or WF-500 appliance and for the traffic they process. The
statistics and traps can help you identify resource limitations, system changes or
failures, and malware attacks. You configure alerts by forwarding log data as traps, and
enable the delivery of statistics in response to GET messages (requests) from your SNMP
manager. Each trap and statistic has an object identifier (OID). Related OIDs are
organized hierarchically within the Management Information Bases (MIBs) that you load
into the SNMP manager to enable monitoring.
When an event triggers SNMP trap generation (for example, an interface goes down),
the firewall, Panorama virtual appliance, M-Series appliance, and WF-500 appliance
respond by updating the corresponding SNMP object (for example, the interfaces MIB)
instead of waiting for the periodic update of all objects that occurs every ten
seconds. This ensures that your SNMP manager displays the latest information when
polling an object to confirm an event.
The firewall, Panorama, and WF-500 appliance support SNMP Version 2c and Version 3.
Decide which to use based on the version that other devices in your network support and
on your network security requirements. SNMPv3 is more secure and enables more granular
access control for system statistics than SNMPv2c. The following table summarizes the
security features of each version. You select the version and configure the security
features when you Monitor Statistics Using
SNMP and Forward Traps to an SNMP Manager.

| SNMP Version | Authentication | Message Privacy | Message Integrity | MIB Access Granularity |
| --- | --- | --- | --- | --- |
| SNMPv2c | Community string | No (cleartext) | No | SNMP community access for all MIBs on a device |
| SNMPv3 | EngineID, username, and authentication password (SHA hashing for the password) | Privacy password for AES (128, 192, or 256) encryption of SNMP messages | Yes | User access based on views that include or exclude specific OIDs |

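One way to confirm which row of the table a device is actually operating in is to read the header of a captured SNMP message: SNMPv2c carries the community string in the clear, while SNMPv3 states its authentication and privacy level in the msgFlags octet. The following is an added example, not Palo Alto Networks code; the sample messages, the community string `example-ro`, and the function names are constructed for illustration.

```python
# Added example, not vendor code: report the protection an SNMP message carries.
def tlv(tag, value):
    """Encode one BER element (short-form length, enough for these samples)."""
    assert len(value) < 128
    return bytes([tag, len(value)]) + value

def read_tlv(buf, pos=0):
    """Decode one BER element at pos; return (tag, value, next_pos)."""
    if pos + 2 > len(buf):
        raise ValueError("truncated BER header")
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:                       # long form: next n octets hold the length
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("truncated BER value")
    return tag, buf[pos:pos + length], pos + length

def classify(msg):
    """Return (version, protection) for one SNMP message."""
    tag, body, _ = read_tlv(msg)
    if tag != 0x30:
        raise ValueError("not an SNMP message (expected SEQUENCE)")
    _, ver, pos = read_tlv(body)
    version = int.from_bytes(ver, "big")
    if version == 1:                        # wire value 1 means SNMPv2c
        _, community, _ = read_tlv(body, pos)
        return "v2c", "cleartext community: " + community.decode("ascii", "replace")
    if version == 3:
        _, header, _ = read_tlv(body, pos)  # msgGlobalData
        _, _, p = read_tlv(header)          # msgID
        _, _, p = read_tlv(header, p)       # msgMaxSize
        _, flags, _ = read_tlv(header, p)   # msgFlags: bit 0 = auth, bit 1 = priv
        if len(flags) != 1:
            raise ValueError("msgFlags must be one octet")
        levels = {0: "noAuthNoPriv", 1: "authNoPriv", 3: "authPriv"}
        return "v3", levels.get(flags[0] & 0x03, "invalid msgFlags")
    return "other", "version field %d" % version

# Constructed samples: a v2c GET for sysUpTime.0, and SNMPv3 headers with placeholder payloads.
PDU = tlv(0xA0, tlv(2, b"\x01") + tlv(2, b"\x00") + tlv(2, b"\x00")
          + tlv(0x30, tlv(0x30, tlv(6, bytes.fromhex("2b06010201010300")) + tlv(5, b""))))
V2C = tlv(0x30, tlv(2, b"\x01") + tlv(4, b"example-ro") + PDU)

def v3_sample(flags):
    header = tlv(0x30, tlv(2, b"\x2a") + tlv(2, b"\x05\xdc") + tlv(4, bytes([flags])) + tlv(2, b"\x03"))
    return tlv(0x30, tlv(2, b"\x03") + header + tlv(4, b"") + tlv(4, b"\x00" * 16))
```

Calling `classify(V2C)` returns the community string as read from the message, and `classify(v3_sample(0x07))` returns `authPriv`; any SNMPv3 result other than `authPriv` means the message body is not encrypted.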
Figure 1 illustrates a deployment in which firewalls forward
traps to an SNMP manager while also forwarding logs to Log Collectors. Alternatively,
you could configure the Log Collectors to forward the firewall traps to the SNMP
manager. For details on these deployments, refer to Log Forwarding Options in Centralized Logging and
Reporting. In all deployments, the SNMP manager gets statistics directly from
the firewall, Panorama, or WF-500 appliance. In this example, a single SNMP manager
collects both traps and statistics, though you can use separate managers for these
functions if that better suits your network.
SNMP Implementation
The following topics describe how Palo Alto Networks firewalls, Panorama, and WF-500 appliances
implement SNMP, and the procedures to configure SNMP monitoring and trap delivery.