08-07-2017 07:17 AM
Hi,
I can't view in my Kiwi Syslog the traffic from my outside interface.
In my PA-500 I've enabled SNMP in Device -> Management ->Management Interface Settings -> Permitted SNMP Service.
In Operations -> SNMP Setup -> activeted Use Event-Specific Trap Definitions with Version V2c and SNMP community string.
Under Device -> Server Profiles -> Syslog, I activated Name, IP Syslog Server, Trasport UDP, Port 514, Format BSD and Facility LOG_USER.
In Device -> Server Profiles -> SNMP Trap, I activated SNMP Manager IP and Community with Version V2c.
In Policies -> Security, I actived the log forwarding profile in many rules.
Is there someone that can help me?
08-07-2017 09:06 AM
I would perform a PCAP or a wireshark on your Kiwi server and see if you can tell exactly what's happening. WIthout actually seeing your configuration or knowing how your Kiwi server is setup it's pretty hard to see if something this misconfigured.
08-31-2017 07:07 AM
I've installed a MIBs software to walk into it.
I contacted the IP that I found in Device -> Management -> Managemente interface settings. The SNMP service and community string are activated.
When I try to contact the IP fro MIBs informations, in monitor I find from my zone SERVER that I've contacted OUTSIDE zone for the IP 192.168.1.1 that is different from my console IP management that is 10.254.1.1. But why outside zone? Here there are only public IPs. I'm confusing.
09-20-2017 08:50 AM
Is there someone that can help me?
09-20-2017 08:58 AM
Can you include a screenshot of what you are seeing from your end.
09-21-2017 02:03 PM
I'm not sure, but I think you are saying that the snmp configuration is being sourced from the outside interface instead of the dedicated management port.
Check to see if your PA has a service route configured that overrides the default sourcing of this managment traffic and puts it on the configured port needed for the the route. This setting is located here.
Device > Setup > Services
Service route
10-17-2017 05:33 AM
Hi,
I've controlled and I have the service SNMP trap in default mode. This is the only service with SNMP name inside.
The strange thing is the IP 192.168.1.1 in management that is a private IP. In the gateaway I have a public IP. This is a configuration from the company that has installed the firewall. Can I reach that private IP? Do I need to have a specific configuration in the firewall rules?
10-23-2017 05:36 AM
I'm having trouble following exactly what the configuration is. Note that the snmp traps with your outline in the first post will be sourced from the mgmt interface address towards the configured syslog kiwi server.
Check that the route and path from mgmt interface to kiwi is up and working.
Check that security policies along this path permit the traps from the mgmt interface address source to the destination address of the kiwi server.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
