Simple Network Management Protocol (SNMP) is a standard protocol for monitoring the devices on your network. To alert you to system events or threats on your network, monitored devices send SNMP traps to SNMP managers (trap servers). Select Device > Server Profiles > SNMP Trap or Panorama > Server Profiles > SNMP Trap to configure the server profile that enables the firewall or Panorama to send traps to the SNMP managers. To enable SNMP GET messages (statistics requests from an SNMP manager), see Enable SNMP Monitoring.
After creating the server profile, you must specify which log types will trigger the firewall to send SNMP traps ( Device > Log Settings). For a list of the MIBs that you must load into the SNMP manager so it can interpret traps, see Supported MIBs .
Don’t delete a server profile that any system log setting or logging profile uses.
SNMP Trap Server Profile Setting Description
Name Enter a name for the SNMP profile (up to 31 characters). The name is case-sensitive and must be unique. Use only letters, numbers, spaces, hyphens, and underscores.
Location Select the scope in which the profile is available. In the context of a firewall that has more than one virtual system (vsys), select a vsys or select Shared (all virtual systems). In any other context, you can’t select the Location ; its value is predefined as Shared (for firewalls) or as Panorama. After you save the profile, you can’t change its Location.
Version Select the SNMP version— V2c (default) or V3. Your selection controls the remaining fields that the dialog displays. For either version, you can add up to four SNMP managers.
For SNMP V2c
Name Specify a name for the SNMP manager. The name can have up to 31 characters that are alphanumeric, periods, underscores, or hyphens.
SNMP Manager Specify the FQDN or IP address of the SNMP manager.
Community Enter the community string, which identifies an SNMP community of SNMP managers and monitored devices and also serves as a password to authenticate the community members to each other during trap forwarding. The string can have up to 127 characters, accepts all characters, and is case-sensitive. As a best practice, don’t use the default community string public. Because SNMP messages contain community strings in clear text, consider the security requirements of your network when defining community membership (administrator access).
For SNMP V3
Name Specify a name for the SNMP manager. The name can have up to 31 characters that are alphanumeric, periods, underscores, or hyphens.
SNMP Manager Specify the FQDN or IP address of the SNMP manager.
User Specify a username to identify the SNMP user account (up to 31 characters). The username you configure on the firewall must match the username configured on the SNMP manager.
EngineID Specify the engine ID of the firewall. When an SNMP manager and the firewall authenticate to each other, trap messages use this value to uniquely identify the firewall. If you leave the field blank, the messages use the firewall serial number as the EngineID. If you enter a value, it must be in hexadecimal format, prefixed with 0x, and with another 10-128 characters to represent any number of 5-64 bytes (2 characters per byte). For firewalls in a high availability (HA) configuration, leave the field blank so that the SNMP manager can identify which HA peer sent the traps; otherwise, the value is synchronized and both peers will use the same EngineID.
Auth Password Specify the authentication password of the SNMP user. The firewall uses the password to authenticate to the SNMP manager. The firewall uses Secure Hash Algorithm (SHA-1 160) to encrypt the password. The password must be 8–256 characters and all characters are allowed.
Priv Password Specify the privacy password of the SNMP user. The firewall uses the password and Advanced Encryption Standard (AES-128) to encrypt traps. The password must be 8–256 characters and all characters are allowed.

Related Documentation