Need help on configuring SNMP V3 to send trap messages to OpManager (Net Flow)


L3 Networker

Hello Team,

 

I have tried to configure SNMP V3 to send trap messages to OpManager in Palo Alto.

- At this time we are stuck with the engineID; we are unable to find the engineID for Palo Alto in OpManager.

- Also, SNMP walk itself is not working.

- It seems I am missing something in the configuration.

- Can anyone help me with what needs to be configured for SNMP V3 to work properly? SNMP V2 is working properly without any issues, so the issue is only with SNMP V3.

Awaiting a reply!

 

Best Regards,

Karthikeyan Balamurugan

 

 

Accepted Solutions

Hi,

 

You can poll the device with the following commands from Linux and Windows.

 

From Windows Host

SnmpGet.exe -r:x.x.x.x[Dest-IP] -v:3[version] -sn:USER[Username] -ap:SHA -aw:authpass -pp:AES128 -pw:privpass -o:1.3.6.1.6.3.10.2.1.1.0

[Brackets] are just for explanation; you should remove all text inside them, including the brackets, from the command,
e.g.
SnmpGet.exe -r:2.2.2.2 -v:3 -sn:user1 -ap:SHA -aw:authpass -pp:AES128 -pw:privpass -o:1.3.6.1.6.3.10.2.1.1.0

 

From Linux Host

Use this command

root@linux:~# snmpget -v 3 -u [username] -l authPriv -a SHA -A [auth password] -x AES -X [priv password] [IP address] .1.3.6.1.2.1.1.1.0

 

Response:

iso.3.6.1.2.1.1.1.0 = STRING: "Palo Alto Networks PA-500 series firewall"

 

Note: PAN-OS 5.0 and 6.0 all use Secure Hash Algorithm (SHA-1 160) for Auth Password and Advanced Encryption Standard (AES 128) for Priv Password.

  • To perform an SNMPWALK, run the command:

    root@linux2:~# snmpwalk -v 3 -u [username] -l authPriv -a SHA -A [auth password] -x AES -X [priv password] [IP address]

     

    Response:

    iso.3.6.1.2.1.1.1.0 = STRING: "Palo Alto Networks PA-500 series firewall"

    iso.3.6.1.2.1.1.2.0 = OID: iso.3.6.1.4.1.25461.2.3.6

    iso.3.6.1.2.1.1.3.0 = Timeticks: (1235369) 3:25:53.69

    iso.3.6.1.2.1.1.4.0 = STRING: "Not Set"

    iso.3.6.1.2.1.1.5.0 = STRING: "PA500-wtam"

    iso.3.6.1.2.1.1.6.0 = STRING: "Unknown"

    iso.3.6.1.2.1.1.8.0 = Timeticks: (5) 0:00:00.05

    (output truncated)

 

  • To perform an SNMPGET, run the command:

    root@linux2:~# snmpget -v 3 -u [username] -l authPriv -a SHA -A [auth password] -x AES -X [priv password] [IP address] .1.3.6.1.2.1.1.1.0

     

    Response:

    iso.3.6.1.2.1.1.1.0 = STRING: "Palo Alto Networks PA-500 series firewall"

     


If you face any issue, just let me know.

Regards,

Cyber Elite

Hello,

Have you tried the following:

 

Specify the engine ID of the firewall. When an SNMP manager and the firewall authenticate to each other, trap messages use this value to uniquely identify the firewall. If you leave the field blank, the messages use the firewall serial number as the EngineID. If you enter a value, it must be in hexadecimal format, prefixed with 0x, and with another 10-128 characters to represent any number of 5-64 bytes (2 characters per byte). For firewalls in a high availability (HA) configuration, leave the field blank so that the SNMP manager can identify which HA peer sent the traps; otherwise, the value is synchronized and both peers will use the same EngineID.

 

https://docs.paloaltonetworks.com/pan-os/8-0/pan-os-admin/monitoring/snmp-monitoring-and-traps/forwa...

 

Regards,
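
One way to get the engine ID into the form the quoted documentation describes, as an added example that is not from either reply or from Palo Alto's documentation: it takes a net-snmp reply for OID 1.3.6.1.6.3.10.2.1.1.0 (snmpEngineID.0, the OID queried by the Windows command above) and prints it as a 0x-prefixed hex string, rejecting values outside 5-64 bytes. The function name `engine_id_from_reply` and the sample reply are constructed for illustration.

```shell
#!/bin/sh
# Added example: convert the net-snmp reply for snmpEngineID.0 into the
# 0x-prefixed hexadecimal form an SNMPv3 manager expects for the engine ID.
#
# Real use (assumes net-snmp is installed; -Ox prints string values in hex):
#   engine_id_from_reply "$(snmpget -Ox -v 3 -u [username] -l authPriv -a SHA \
#       -A [auth password] -x AES -X [priv password] [IP address] \
#       .1.3.6.1.6.3.10.2.1.1.0)"

# engine_id_from_reply LINE
#   prints 0x<hex> and returns 0 on success
#   returns 1 if LINE carries no usable Hex-STRING value
#   returns 2 if the value is outside the 5-64 byte range
engine_id_from_reply() {
    line=$1
    case $line in
        *"Hex-STRING:"*) ;;
        *) echo "no Hex-STRING value in reply" >&2; return 1 ;;
    esac
    # Keep what follows "Hex-STRING:", strip whitespace, lowercase the digits.
    hex=$(printf '%s' "${line#*Hex-STRING:}" | tr -d ' \t\r\n' | tr 'A-F' 'a-f')
    case $hex in
        ''|*[!0-9a-f]*) echo "value is not hexadecimal" >&2; return 1 ;;
    esac
    len=${#hex}
    if [ $((len % 2)) -ne 0 ]; then
        echo "odd number of hex digits" >&2
        return 1
    fi
    # 2 characters per byte: 5-64 bytes is 10-128 hex characters.
    if [ "$len" -lt 10 ] || [ "$len" -gt 128 ]; then
        echo "engine ID is $((len / 2)) bytes, expected 5-64" >&2
        return 2
    fi
    printf '0x%s\n' "$hex"
}

# Constructed sample reply, not captured from a real firewall.
SAMPLE_REPLY='iso.3.6.1.6.3.10.2.1.1.0 = Hex-STRING: 80 00 1F 88 04 30 30 31 32 33 34'
engine_id_from_reply "$SAMPLE_REPLY"
```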

