Can SNMP Traps be Sent for HA (Failover) Events?

Created On 09/25/18 17:59 PM - Last Modified 06/17/21 21:26 PM


Environment


  • Palo Alto Firewall.
  • PAN-OS 8.1 and above.
  • High Availability (HA) Configured.
  • SNMP Traps for HA events.


Resolution


Palo Alto Networks firewalls can be configured to send SNMP messages based on the severity associated with an event, but not for specific events.

Example of Failover System messages:

[Screenshot: failover System log messages]

HA state changes are Informational severity events, so for those messages to be sent to the SNMP server, the firewall needs to be configured to forward Informational severity messages.

Note: This does imply that all informational messages will be sent to the SNMP server, not only the failover messages. It will be up to the SNMP server to filter the messages and alert only when an HA state change has happened.

To enable SNMP forwarding of Informational messages, create an SNMP trap server profile and use this SNMP trap server under the system log settings as shown below:

 

  1. Create the SNMP Trap Server profile (GUI: Device > Server Profiles > SNMP Trap).

     [Screenshot: SNMP Trap Server profile]

  2. Configure log settings to use SNMP (GUI: Device > Log Settings > System, then click Add). Give the setting a name and use the filter builder to select the informational severity and the ha subtype. Use the dropdown menu to access the filter builder.

     [Screenshot: System Log Setting]

  3. Click OK and Commit the configuration.

 

Note: The example provides the "informational" message filter. If HA messages of severity "high" need to be captured, one can use the filter builder to change the "informational" severity setting to "high" severity.
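
The notes above leave it to the SNMP server to alert only when an HA state change has happened, and mention capturing "high" severity as well. The following is an added example, not Palo Alto Networks code, of a receiver-side filter in Python. It assumes the trap receiver has already decoded each trap into a dict; the key names (device, severity, subtype, description) and the message wording are assumptions, and the sample traps are constructed.

```python
import re

# Assumption: the receiver's MIB-decoding layer yields one dict per trap with
# the hypothetical keys "device", "severity", "subtype" and "description".
# Assumption: an HA transition is described as "... from state X to state Y";
# adjust the pattern to the wording your firewalls actually emit.
STATE_CHANGE = re.compile(r"from state (?P<old>[\w-]+) to state (?P<new>[\w-]+)", re.I)

def ha_state_changes(traps, severities=("informational",)):
    """Return one alert per HA state transition; drop every other trap."""
    wanted = {s.lower() for s in severities}
    alerts, last_state = [], {}  # last_state: device -> last state alerted on
    for trap in traps:
        if trap.get("subtype", "").lower() != "ha":
            continue  # unrelated informational noise
        if trap.get("severity", "").lower() not in wanted:
            continue
        match = STATE_CHANGE.search(trap.get("description", ""))
        if not match:
            continue  # HA-related, but not a state change
        device = trap.get("device", "unknown")
        new = match.group("new").lower()
        if last_state.get(device) == new:
            continue  # repeated trap for a state already alerted on
        last_state[device] = new
        alerts.append({"device": device, "old": match.group("old").lower(), "new": new})
    return alerts

# Constructed sample input, not captured from a real firewall.
SAMPLE_TRAPS = [
    {"device": "fw-a", "severity": "informational", "subtype": "general",
     "description": "User admin logged in via Web"},
    {"device": "fw-a", "severity": "informational", "subtype": "ha",
     "description": "HA Group 1: Moved from state Active to state Passive"},
    {"device": "fw-a", "severity": "informational", "subtype": "ha",
     "description": "HA Group 1: Moved from state Active to state Passive"},
    {"device": "fw-b", "severity": "informational", "subtype": "ha",
     "description": "HA Group 1: Moved from state Passive to state Active"},
    {"device": "fw-b", "severity": "informational", "subtype": "ha",
     "description": "HA1 link heartbeat ok"},
    {"device": "fw-b", "severity": "high", "subtype": "ha",
     "description": "HA Group 1: Moved from state Active to state Non-Functional"},
]

if __name__ == "__main__":
    for alert in ha_state_changes(SAMPLE_TRAPS, severities=("informational", "high")):
        print(f"HA failover on {alert['device']}: {alert['old']} -> {alert['new']}")
```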


