Enhanced Security Measures in Place: To ensure a safer experience, we’ve implemented additional, temporary security measures for all users.
12-21-2018 05:23 AM
We recently upgraded our firewall to version 8.1.5 and noticed that SNMP data traffic monitoring stopped working. If we get de SNMP values, we receive this informations:
IF-MIB::ifIndex.9 = INTEGER: 9 IF-MIB::ifDescr.9 = STRING: ethernet1/4 IF-MIB::ifType.9 = INTEGER: ethernetCsmacd(6) IF-MIB::ifMtu.9 = INTEGER: 1500 IF-MIB::ifSpeed.9 = Gauge32: 100000000 IF-MIB::ifPhysAddress.9 = STRING: 0:86:9c:84:3f:13 IF-MIB::ifAdminStatus.9 = INTEGER: up(1) IF-MIB::ifOperStatus.9 = INTEGER: up(1) IF-MIB::ifLastChange.9 = Timeticks: (0) 0:00:00.00 IF-MIB::ifInOctets.9 = Counter32: 0 IF-MIB::ifInUcastPkts.9 = Counter32: 0 IF-MIB::ifInNUcastPkts.9 = Counter32: 0 IF-MIB::ifInDiscards.9 = Counter32: 0 IF-MIB::ifInErrors.9 = Counter32: 0 IF-MIB::ifInUnknownProtos.9 = Counter32: 0 IF-MIB::ifOutOctets.9 = Counter32: 0 IF-MIB::ifOutUcastPkts.9 = Counter32: 0 IF-MIB::ifOutNUcastPkts.9 = Counter32: 0 IF-MIB::ifOutDiscards.9 = Counter32: 0 IF-MIB::ifOutErrors.9 = Counter32: 2293361
Notice the zero ifInOctets and ifOutOctets values.
In the firewall CLI, we get the values:
>show interface ethernet1/4 -------------------------------------------------------------------------------- Name: ethernet1/4, ID: 19 Link status: Runtime link speed/duplex/state: 100/half/up Configured link speed/duplex/state: auto/auto/auto MAC address: Port MAC address 00:86:9c:84:3f:13 Operation mode: layer3 Untagged sub-interface support: no -------------------------------------------------------------------------------- Name: ethernet1/4, ID: 19 Operation mode: layer3 Virtual router default Interface MTU 1500 Interface IP address: ###.###.###.###/## Interface management profile: default ping: yes telnet: no ssh: yes http: no https: yes snmp: yes response-pages: yes userid-service: yes Service configured: IKE Zone: external, virtual system: vsys1 Adjust TCP MSS: no Policing: no -------------------------------------------------------------------------------- -------------------------------------------------------------------------------- Physical port counters read from MAC: -------------------------------------------------------------------------------- rx-broadcast 61123 rx-bytes 53526882686 rx-multicast 196 rx-unicast 51082677 tx-broadcast 65 tx-bytes 9766237925 tx-multicast 0 tx-unicast 36211878 -------------------------------------------------------------------------------- -------------------------------------------------------------------------------- Detailed physical port counters read from MAC: -------------------------------------------------------------------------------- rx packets 64 bytes 10111961 rx packets 65 to 127 bytes 31737416 rx packets 128 to 255 bytes 2072235 rx packets 256 to 511 bytes 1969770 rx packets 512 to 1023 bytes 2070995 rx packets 1024+ bytes 39427569 collisions 756704 late_collisions 612166 sent_deferred 2304503 sent_multiple 124474 -------------------------------------------------------------------------------- Hardware interface counters read from CPU: -------------------------------------------------------------------------------- bytes received 678602007 bytes transmitted 97658231 packets received 616505 packets transmitted 409213 receive incoming errors 0 receive discarded 0 receive errors 67 packets dropped 0 -------------------------------------------------------------------------------- Logical interface counters read from CPU: -------------------------------------------------------------------------------- bytes received 678597987 bytes transmitted 97658231 packets received 616438 packets transmitted 409213 receive errors 0 packets dropped 110 packets dropped by flow state check 37 forwarding errors 0 no route 0 arp not found 0 neighbor not found 0 neighbor info pending 0 mac not found 0 packets routed to different zone 0 land attacks 0 ping-of-death attacks 0 teardrop attacks 0 ip spoof attacks 0 mac spoof attacks 0 ICMP fragment 0 layer2 encapsulated packets 0 layer2 decapsulated packets 0 tcp cps 1 udp cps 0 sctp cps 0 other cps 0 --------------------------------------------------------------------------------
Is this a known bug?
System Info
show system info hostname: ############# ip-address: ###.###.###.### public-ip-address: unknown netmask: ###.###.###.### default-gateway: ###.###.###.### ip-assignment: static ipv6-address: unknown ipv6-link-local-address: ###.###.###.### ipv6-default-gateway: mac-address: 00:86:9c:84:3f:00 time: Fri Dec 21 13:21:24 2018 uptime: 1 days, 8:58:38 family: 800 model: PA-820 serial: ############## cloud-mode: non-cloud sw-version: 8.1.5 global-protect-client-package-version: 4.1.2 app-version: 8108-5218 app-release-date: av-version: 2834-3344 av-release-date: threat-version: 8108-5218 threat-release-date: wf-private-version: 0 wf-private-release-date: unknown url-db: paloaltonetworks wildfire-version: 307255-309916 wildfire-release-date: url-filtering-version: 20181221.20161 global-protect-datafile-version: unknown global-protect-datafile-release-date: unknown global-protect-clientless-vpn-version: 0 global-protect-clientless-vpn-release-date: logdb-version: 8.1.8 platform-family: 800 vpn-disable-mode: off multi-vsys: off operational-mode: normal
01-27-2019 06:57 PM - edited 01-27-2019 06:58 PM
if you want get interface counter you need get from "Counter64" (.1.3.6.1.2.1.31.1.1.1.6.x )
you couldn't see value of Counter32
01-29-2019 05:13 AM
Yeah, that's it.
I discovered this last week
Now I'm using this oids:
IF-MIB::ifHCInBroadcastPkts.X - .1.3.6.1.2.1.31.1.1.1.9.X
IF-MIB::ifHCOutBroadcastPkts - .1.3.6.1.2.1.31.1.1.1.13.X
IF-MIB::ifHCInMulticastPkts - .1.3.6.1.2.1.31.1.1.1.8.X
IF-MIB::ifHCOutMulticastPkts - .1.3.6.1.2.1.31.1.1.1.12.X
IF-MIB::ifHCInOctets - .1.3.6.1.2.1.31.1.1.1.6.X
IF-MIB::ifHCOutOctets - .1.3.6.1.2.1.31.1.1.1.10.X
IF-MIB::ifHCInUcastPkts - .1.3.6.1.2.1.31.1.1.1.7.X
IF-MIB::ifHCOutUcastPkts - .1.3.6.1.2.1.31.1.1.1.11.X
Thanks to all
01-16-2019 07:15 PM
i have the same iss,can you solve the problem?
01-23-2019 08:15 PM
Hi
Some of my customer had similer issue , part of SNMP cannot get information after upgrading PAN-OS8.1.5.
some of SNMP issue seems like fixed in 8.1.6 released today ?
PAN-97672
Fixed an issue where polled SNMP object identifiers (OID) stopped responding
after the firewall was restarted.
01-27-2019 06:57 PM - edited 01-27-2019 06:58 PM
if you want get interface counter you need get from "Counter64" (.1.3.6.1.2.1.31.1.1.1.6.x )
you couldn't see value of Counter32
01-29-2019 05:13 AM
Yeah, that's it.
I discovered this last week
Now I'm using this oids:
IF-MIB::ifHCInBroadcastPkts.X - .1.3.6.1.2.1.31.1.1.1.9.X
IF-MIB::ifHCOutBroadcastPkts - .1.3.6.1.2.1.31.1.1.1.13.X
IF-MIB::ifHCInMulticastPkts - .1.3.6.1.2.1.31.1.1.1.8.X
IF-MIB::ifHCOutMulticastPkts - .1.3.6.1.2.1.31.1.1.1.12.X
IF-MIB::ifHCInOctets - .1.3.6.1.2.1.31.1.1.1.6.X
IF-MIB::ifHCOutOctets - .1.3.6.1.2.1.31.1.1.1.10.X
IF-MIB::ifHCInUcastPkts - .1.3.6.1.2.1.31.1.1.1.7.X
IF-MIB::ifHCOutUcastPkts - .1.3.6.1.2.1.31.1.1.1.11.X
Thanks to all
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
