Enhanced Security Measures in Place: To ensure a safer experience, we’ve implemented additional, temporary security measures for all users.
08-29-2019 05:49 AM
Hello Team,
I have tried to configure SNMP V3 to send trap messges to opmanager in palo alto.
- At the tiime we struct with engineID,here we are unable to find engineID for Palo Alto in Opmanager.
- And also SNMP Walk itself its not working.
- Its seems something i was missing in the configuration.
- Can anyone help me here on what are things need to configure to properly work SNMP V3 but in the same SNMP V2 is working properly without any issues. SO issues is only with SNMP V3.
Awaiting for a reply !!
Best Regards,
Karthikeyan Balamurugan
01-20-2021 11:26 AM
Hi,
you cna pool the device with the following command from Linux & Windows
From Windows Host
SnmpGet.exe -r:x.x.x.x[Dest-IP] -v:3[version] -sn:USER[Username] -ap:SHA -aw:authpass -pp:AES128 -pw:privpass -o:1.3.6.1.6.3.10.2.1.1.0
[Brackets] are just for explanation, you should all text inside including brackets from command
e.g.
SnmpGet.exe -r:2.2.2.2 -v:3 -sn:user1 -ap:SHA -aw:authpass -pp:AES128 -pw:privpass -o:1.3.6.1.6.3.10.2.1.1.0
From Linux Host
Use this command
snmpget -v 3 -u [username] -l authPriv -a SHA -A [auth password]-x AES -X [priv password] [IP address] .1.3.6.1.2.1.1.1.0
Response:
iso.3.6.1.2.1.1.1.0 = STRING: "Palo Alto Networks PA-500 series firewall"
Note: PAN-OS 5.0 and 6.0 all use Secure Hash Algorithm (SHA-1 160) for Auth Password and Advanced Encryption Standard (AES 128) for Priv Password.
root@linux2:~# snmpwalk -v 3 -u [username] -l authPriv -a SHA -A [auth password] -x AES -X [priv password] [IP address]
Response:
iso.3.6.1.2.1.1.1.0 = STRING: "Palo Alto Networks PA-500 series firewall"
iso.3.6.1.2.1.1.2.0 = OID: iso.3.6.1.4.1.25461.2.3.6
iso.3.6.1.2.1.1.3.0 = Timeticks: (1235369) 3:25:53.69
iso.3.6.1.2.1.1.4.0 = STRING: "Not Set"
iso.3.6.1.2.1.1.5.0 = STRING: "PA500-wtam"
iso.3.6.1.2.1.1.6.0 = STRING: "Unknown"
iso.3.6.1.2.1.1.8.0 = Timeticks: (5) 0:00:00.05
(output truncated)
root@linux2:~# snmpget -v 3 -u [username] -l authPriv -a SHA -A [auth password]-x AES -X [priv password] [IP address] .1.3.6.1.2.1.1.1.0
Response:
iso.3.6.1.2.1.1.1.0 = STRING: "Palo Alto Networks PA-500 series firewall"
root@linux2:~# snmpwalk -v 3 -u [username] -l authPriv -a SHA -A [auth password] -x AES -X [priv password] [IP address]
Response:
iso.3.6.1.2.1.1.1.0 = STRING: "Palo Alto Networks PA-500 series firewall"
iso.3.6.1.2.1.1.2.0 = OID: iso.3.6.1.4.1.25461.2.3.6
iso.3.6.1.2.1.1.3.0 = Timeticks: (1235369) 3:25:53.69
iso.3.6.1.2.1.1.4.0 = STRING: "Not Set"
iso.3.6.1.2.1.1.5.0 = STRING: "PA500-wtam"
iso.3.6.1.2.1.1.6.0 = STRING: "Unknown"
iso.3.6.1.2.1.1.8.0 = Timeticks: (5) 0:00:00.05
(output truncated)
If you face any issue, just let me know.
Regards,
08-29-2019 10:39 AM
Hello,
Have you tried the following:
Specify the engine ID of the firewall. When an SNMP manager and the firewall authenticate to each other, trap messages use this value to uniquely identify the firewall. If you leave the field blank, the messages use the firewall serial number as the
. If you enter a value, it must be in hexadecimal format, prefixed with 0x, and with another 10-128 characters to represent any number of 5-64 bytes (2 characters per byte). For firewalls in a high availability (HA) configuration, leave the field blank so that the SNMP manager can identify which HA peer sent the traps; otherwise, the value is synchronized and both peers will use the same
.
Regards,
01-20-2021 11:26 AM
Hi,
you cna pool the device with the following command from Linux & Windows
From Windows Host
SnmpGet.exe -r:x.x.x.x[Dest-IP] -v:3[version] -sn:USER[Username] -ap:SHA -aw:authpass -pp:AES128 -pw:privpass -o:1.3.6.1.6.3.10.2.1.1.0
[Brackets] are just for explanation, you should all text inside including brackets from command
e.g.
SnmpGet.exe -r:2.2.2.2 -v:3 -sn:user1 -ap:SHA -aw:authpass -pp:AES128 -pw:privpass -o:1.3.6.1.6.3.10.2.1.1.0
From Linux Host
Use this command
snmpget -v 3 -u [username] -l authPriv -a SHA -A [auth password]-x AES -X [priv password] [IP address] .1.3.6.1.2.1.1.1.0
Response:
iso.3.6.1.2.1.1.1.0 = STRING: "Palo Alto Networks PA-500 series firewall"
Note: PAN-OS 5.0 and 6.0 all use Secure Hash Algorithm (SHA-1 160) for Auth Password and Advanced Encryption Standard (AES 128) for Priv Password.
root@linux2:~# snmpwalk -v 3 -u [username] -l authPriv -a SHA -A [auth password] -x AES -X [priv password] [IP address]
Response:
iso.3.6.1.2.1.1.1.0 = STRING: "Palo Alto Networks PA-500 series firewall"
iso.3.6.1.2.1.1.2.0 = OID: iso.3.6.1.4.1.25461.2.3.6
iso.3.6.1.2.1.1.3.0 = Timeticks: (1235369) 3:25:53.69
iso.3.6.1.2.1.1.4.0 = STRING: "Not Set"
iso.3.6.1.2.1.1.5.0 = STRING: "PA500-wtam"
iso.3.6.1.2.1.1.6.0 = STRING: "Unknown"
iso.3.6.1.2.1.1.8.0 = Timeticks: (5) 0:00:00.05
(output truncated)
root@linux2:~# snmpget -v 3 -u [username] -l authPriv -a SHA -A [auth password]-x AES -X [priv password] [IP address] .1.3.6.1.2.1.1.1.0
Response:
iso.3.6.1.2.1.1.1.0 = STRING: "Palo Alto Networks PA-500 series firewall"
root@linux2:~# snmpwalk -v 3 -u [username] -l authPriv -a SHA -A [auth password] -x AES -X [priv password] [IP address]
Response:
iso.3.6.1.2.1.1.1.0 = STRING: "Palo Alto Networks PA-500 series firewall"
iso.3.6.1.2.1.1.2.0 = OID: iso.3.6.1.4.1.25461.2.3.6
iso.3.6.1.2.1.1.3.0 = Timeticks: (1235369) 3:25:53.69
iso.3.6.1.2.1.1.4.0 = STRING: "Not Set"
iso.3.6.1.2.1.1.5.0 = STRING: "PA500-wtam"
iso.3.6.1.2.1.1.6.0 = STRING: "Unknown"
iso.3.6.1.2.1.1.8.0 = Timeticks: (5) 0:00:00.05
(output truncated)
If you face any issue, just let me know.
Regards,
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
