Enable SNMP Services for Firewall-Secured Network Elements

If you will use Simple Network Management Protocol (SNMP) to monitor or manage network elements (for example, switches and routers) that are within the security zones of Palo Alto Networks firewalls, you must create a security rule that allows SNMP services for those elements.
You don’t need a security rule to enable SNMP monitoring of Palo Alto Networks firewalls, Panorama, or WF-500 appliances. For details, see Monitor Statistics Using SNMP.
  1. Create an application group.
    1. Select
      Objects
      Application Group
      and click
      Add
      .
    2. Enter a
      Name
      to identify the application group.
    3. Click
      Add
      , type
      snmp
      , and select
      snmp
      and
      snmp-trap
      from the drop-down.
    4. Click
      OK
      to save the application group.
  2. Create a security rule to allow SNMP services.
    1. Select
      Policies
      Security
      and click
      Add
      .
    2. In the
      General
      tab, enter a
      Name
      for the rule.
    3. In the
      Source
      and
      Destination
      tabs, click
      Add
      and enter a
      Source Zone
      and a
      Destination Zone
      for the traffic.
    4. In the
      Applications
      tab, click
      Add
      , type the name of the applications group you just created, and select it from the drop-down.
    5. In the
      Actions
      tab, verify that the
      Action
      is set to
      Allow
      , and then click
      OK
      and
      Commit
      .

Related Documentation