https://live.paloaltonetworks.com/t5/automation-api-discussions/custom-application-signature-to-only-allow-snmp-read/m-p/34798#M831 <HTML><HEAD></HEAD><BODY><P>Hi Axi,</P><P></P><P>Let me know if following article is useful.</P><P><A _jive_internal="true" href="https://live.paloaltonetworks.com/message/13669#13669" style="font-size: 10pt; line-height: 1.5em;" title="https://live.paloaltonetworks.com/message/13669#13669">https://live.paloaltonetworks.com/message/13669#13669</A></P><P></P><P>Regards,</P><P>Hardik Shah</P></BODY></HTML> Wed, 12 Nov 2014 14:23:48 GMT hshah 2014-11-12T14:23:48Z https://live.paloaltonetworks.com/t5/automation-api-discussions/custom-application-signature-to-only-allow-snmp-read/m-p/34796#M829 <HTML><HEAD></HEAD><BODY><P>Hi all</P><P></P><P>I have read the "Creating Custom Signature" Tech Note for PAN-OS 5.0, because I tried to create an application that only allows snmp-read. But there I was blocked by a limitation that I need at least 7 bytes.</P><P></P><P>The snmp-payload looks like the follwing:</P><P>3035020101040c746573747465737474657374a02202045c88c1c802010002010030143012060e2b0601040181c6750201020301000500</P><P></P><P>Now with a little bit more information:</P><P>30 35 02 01 --&gt; SNMP Header</P><P>01 --&gt; SNMP Version v2c</P><P>04 --&gt; community name (string)</P><P>0c --&gt; length of Community Name (in this case 12)</P><P>74 65 73 74 74 65 73 74 74 65 73 74 --&gt; SNMP Community (in this case testtesttest)</P><P>a0 22 02 04 --&gt; Identifier for SNMP get-request</P><P>5c 88 c1 c8 --&gt; request id</P><P>and after the request id there is the snmp oid data.</P><P></P><P>So the only thing to match with an application signature are snmp header, version and the identifier for a get-request. In total these are 9 bytes but between thes values there is the snmp community which could be almost any length.</P><P></P><P>As a workaround I used the following pattern: (snmp-read)|\xa0220204\x</P><P>Like this I was able to save the custom application and to work around the 7 byte limitation.</P><P></P><P>But it seems that my idea was doomed to fail from the beginning because snmp-base and snmpv2 are already known applications from PaloAlto. So my custom application will never work right? Or does anyone know another possibility to only allow snmp-read request and drop snmp-write?</P><P></P><P>Thanks,</P><P>Remo</P></BODY></HTML> Wed, 12 Nov 2014 12:59:36 GMT https://live.paloaltonetworks.com/t5/automation-api-discussions/custom-application-signature-to-only-allow-snmp-read/m-p/34796#M829 Remo 2014-11-12T12:59:36Z https://live.paloaltonetworks.com/t5/automation-api-discussions/custom-application-signature-to-only-allow-snmp-read/m-p/34797#M830 <HTML><HEAD></HEAD><BODY><P>Yes, that is correct, if firewall already has an application. Custom application for device's application has some issues working on the device. If you need this feature, you can contact our DevCenter at following link :</P><P></P><P><A href="https://live.paloaltonetworks.com/space/2010">DevCenter</A></P><P></P><P>They will be the best resource to assist you with this requirement. Hope this helps. Thank you.</P></BODY></HTML> Wed, 12 Nov 2014 13:15:31 GMT https://live.paloaltonetworks.com/t5/automation-api-discussions/custom-application-signature-to-only-allow-snmp-read/m-p/34797#M830 ssharma 2014-11-12T13:15:31Z https://live.paloaltonetworks.com/t5/automation-api-discussions/custom-application-signature-to-only-allow-snmp-read/m-p/34798#M831 <HTML><HEAD></HEAD><BODY><P>Hi Axi,</P><P></P><P>Let me know if following article is useful.</P><P><A _jive_internal="true" href="https://live.paloaltonetworks.com/message/13669#13669" style="font-size: 10pt; line-height: 1.5em;" title="https://live.paloaltonetworks.com/message/13669#13669">https://live.paloaltonetworks.com/message/13669#13669</A></P><P></P><P>Regards,</P><P>Hardik Shah</P></BODY></HTML> Wed, 12 Nov 2014 14:23:48 GMT https://live.paloaltonetworks.com/t5/automation-api-discussions/custom-application-signature-to-only-allow-snmp-read/m-p/34798#M831 hshah 2014-11-12T14:23:48Z https://live.paloaltonetworks.com/t5/automation-api-discussions/custom-application-signature-to-only-allow-snmp-read/m-p/34799#M832 <HTML><HEAD></HEAD><BODY><P>Hi AXI,</P><P></P><P>PANW allows only Read only SNMP, please refer following "tech note" for more details.</P><P><A href="https://live.paloaltonetworks.com/docs/DOC-4627">Using the Simple Network Management Protocol (SNMP)</A></P><P></P><P>Regards,</P><P>Hardik Shah</P></BODY></HTML> Wed, 12 Nov 2014 14:28:57 GMT https://live.paloaltonetworks.com/t5/automation-api-discussions/custom-application-signature-to-only-allow-snmp-read/m-p/34799#M832 hshah 2014-11-12T14:28:57Z https://live.paloaltonetworks.com/t5/automation-api-discussions/custom-application-signature-to-only-allow-snmp-read/m-p/34800#M833 <HTML><HEAD></HEAD><BODY><P>Hi Hardik</P><P></P><P>Unfortunately I am not allowed to access this article.</P><P>I know that PaloAlto only allows snmp-read to the firewall itself. My idea was for other systems which are located in a zone behind the PaloAlto Firewall.</P><P></P><P>Regards,</P><P>Remo</P></BODY></HTML> Thu, 13 Nov 2014 08:33:15 GMT https://live.paloaltonetworks.com/t5/automation-api-discussions/custom-application-signature-to-only-allow-snmp-read/m-p/34800#M833 Remo 2014-11-13T08:33:15Z