Enable SNMP Services for Firewall-Secured Network Elements

If you will use Simple Network Management Protocol (SNMP) to monitor or manage network elements (for example, switches and routers) that are within the security zones of Palo Alto Networks firewalls, you must create a security rule that allows SNMP services for those elements.
You don’t need a security rule to enable SNMP monitoring of Palo Alto Networks firewalls, Panorama, or WF-500 appliances. For details, see Monitor Statistics Using SNMP.
  1. Create an application group.
    1. Select ObjectsApplication Group and click Add.
    2. Enter a Name to identify the application group.
    3. Click Add, type snmp, and select snmp and snmp-trap from the drop-down.
    4. Click OK to save the application group.
  2. Create a security rule to allow SNMP services.
    1. Select PoliciesSecurity and click Add.
    2. In the General tab, enter a Name for the rule.
    3. In the Source and Destination tabs, click Add and enter a Source Zone and a Destination Zone for the traffic.
    4. In the Applications tab, click Add, type the name of the applications group you just created, and select it from the drop-down.
    5. In the Actions tab, verify that the Action is set to Allow, and then click OK and Commit.

Related Documentation