ATTENTION Customers, All Partners and Employees: The Customer Support Portal (CSP) will be undergoing maintenance and unavailable on Saturday, November 7, 2020, from 11 am to 11 pm PST. Please read our blog for more information.
Learn how to configure an SNMP Traps Server from a Palo Alto Networks Solutions Engineer, Joe Delio. We walk you through each step of the configuration process and explain some of the best practices on a Traps Server.
How To Configure SNMP Traps Log Forwarding
One of the many questions that I was asked when I was in support was, "How do I configure SNMP?"
Well, that is why we are here to help answer some common questions and, hopefully, save you a call to support for a simple configuration question.
SNMP or "Simple Network Management Protocol" traps can alert you to system events or threats that may need immediate attention.
It goes without saying that you already have an SNMP traps server setup that you can point the SNMP traffic to and have already loaded the supported MIBs for Palo Alto Networks devices.
Steps to Configure SNMP Traps:
1. Configure an SNMP trap server profile by navigating to Device > Server Profiles > SNMP Trap.
Web Interface of SNMP Trap location
2. Click Add and then enter a name for the new SNMP Trap Server Profile. I used SNMP_test. If the firewall has more than one VSYS (virtual system), you will need to select the VSYS where you want the SNMP profile to be used.
SNMP Trap Server Profile Window
3. Next, you will need to review the version of SNMP: V2c or V3.
V2c – For every SNMP V2c server, click Add at the bottom of the window and enter the SNMP Server Name, IP address, and Community String used. The "Community String" is used as a password and identifies the community of SNMP managers and monitored devices. (See above for the V2c example for an example.)
V3 – (Encrypted) When you select V3, the window will show additional options that are required with SNMP V3. Enter the SNMP server name, SNMP Manager (IP Address), SNMP User Account, EngineID (used to identify the firewall, or leave blank and the firewall's serial number will be used), Auth (Authentication ) Password, and Priv (Privacy) Password (used to encrypt SNMP messages).
SNMP Trap Server Profile V3
4. Click OK to save the server profile.
5. (Optional) Enter the location information. Navigate to Device > Setup > Operations and click SNMP Setup. Enter the Physical Location, Contact, select Event-specific Trap Definitions or not, the Version of SNMP (V2c or V3), and the SNMP Community String.
6. Click OK when you're done.
SNMP Setup window
7. Next, ensure SNMP is selected inside of the Management Interface Settings. Navigate to Device > Setup then select Interfaces and then click Management. Inside that window, make sure to select SNMP under Network Services.
SNMP Management Interface Settings
8. Next, configure Log Forwarding to the SNMP Server. You can forward Traffic, Threat, and WildFire SNMP traps to forward to an SNMP server.
Create a Log Forwarding profile for each log type. You will see an option for each type and each security level. Please see "Create Log Forwarding Profile" for details on configuration.
Assign the profile to policy rules and network zones. This will trigger the traps to be generated and forwarded to the SNMP server. Please see "Assign Log Forwarding Profile" for details on configuring that.
Commit when complete.
9. Last step, look for traffic from the firewall on your SNMP manager.