How to create an SNMP V3 mask for Palo Alto Networks OID
Resolution
This article is to assist anyone who would like to restrict access to Palo Alto Networks OID only with SNMP V3.
Please see the below link and refer to "panSys" for information on Palo Alto Networks OID info here:
http://www.oidview.com/mibs/25461/PAN-COMMON-MIB.html
Below is the steps and how we calculate the mask value for the OID:
Inside the WebUI > Device > Setup > Operations > Misc > SNMP Setup, under Views click Add.
screenshot of options.
Inside of the Views window, you can add one or more Views to define what portion of the MIB tree is accessible.
Click Add at the bottom to define new view name, the OID that should be accessible and mask. Each entry will define a portion of the MIB to include or exclude from the user.
Click OK when done.
How the mask was calculated
The mask is a bitwise mask defining which node of the OID to match. For example, if the OID is 1.3.6.1 and the mask is 0xf0, then the first 4 nodes (f = 1111) must match and the remaining nodes do not need to match. So 1.3.6.1.2 would match the mask and 1.4.6.1.2 would not. If you would like to have all OIDs (full MIB tree .1) you can configure OID as .1 and mask as 0x80 (which is 1000 0000 - which means that only first node must match which is .1).
In our case we are trying calculate mask the value for the OID 1.3.6.1.4.1.25461.2.1.2.1
So considering this the mask should be 0xFFE.
How we arrive at this value is given below:
1.3.6.1.4.1.25461.2.1.2.1 =====>>>MIB
1 1 1 1 1 1 1 1 1 1 1 ====>>> Binary
FFE =====>> HEX
Which is 1111 1111 1110 = 0xFFE in HEX