To enable SNMP on Palo Alto firewalls, you need administrator access to the device. You also need to be logged on to the administrative console.
Basic settings - SNMPv2c
- Navigate to Device > Setup > Operations.
- In the lower right corner, click SNMP Setup.
- On the SNMP Setup page, enter the physical location.
- In the contact field, enter the name or email address of the contact person.
- Select the version of SNMP you’re using—either V2c or V3. If you’re using V2C, you’ll also need to enter your SNMP community string in the field below.
- Click OK.
If you're looking to set up SNMPv3, choose the version accordingly on the previous step. Once you select v3, the menu will change and instead of the community string field, you will see sections to configure views and users. You'll need to configure at least one view and assign it to a user. In order to do that, follow the steps below:
- In the View section, click Add. Enter name for the group, then configure the following for each view you add to the group:
- View: Specify a name for the view. The name can have up to 31 characters that are alphanumeric, periods, underscores, or hyphens.
- OID: Specify the OID of the MIB.
- Option: Select the matching logic to apply to the MIB.
- Mask: Specify the mask in hexadecimal format.
- In the User section, click Add. Enter a name for the user, then configure the following fields for each view you add to the group:
- User Name: Specify a username to identify the SNMP user account. The username you configure on the firewall must match the username configured on the SNMP manager. The username can have up to 31 characters.
- View: Assign a group of views to the user.
- Authentication Password: Type and confirm the authentication password. The firewall uses the secure hash algorithm (SHA-1 160) to encrypt the password. The password must be between 8 and 256 characters long. All characters are allowed.
- Privacy Password: Type and confirm privacy password. The firewall uses the password and Advanced Encryption Standard 128 (AES-128) to encrypt SNMP traps and responses to statistics requests. The password must be between 8 and 256 characters long. All characters are allowed.
Enabling SNMP on the Management interface
- Navigate to Device > Setup > Management.
- Click the Management Interface Settings button.
- Tick the SNMP box.
All done! Your Palo Alto firewall can now be discovered and monitored using Auvik.