Enhanced Security Measures in Place: To ensure a safer experience, we’ve implemented additional, temporary security measures for all users.
07-27-2023 01:10 PM
I'm configuring NetFlow on our PA-5200. I'm collecting the data in What's Up Gold. WUG has a limitations (it appears) that the NetFlow IP that I use for the IP address also has to be respond via SNMP on the same address. However, the PA-5200 cannot send NetFlow traffic out its MGMT interface so I'm using our inside trusted interface to send Netflow traffic.
Can I configure our inside network interface IP to respond to SNMP queries while leaving the SNMP working on the MGMT interface?
I don't want to change the SNMP interface/IP used in our Service Route config because we already have other devices talking to that interface and I don't want to have to reconfigure other SNMP tools. I'm hoping this is possible.
07-31-2023 11:39 AM
Hi @TonyDeHart ,
You can configure your inside network interface IP on the PA-5200 to respond to SNMP queries while leaving SNMP working on the MGMT interface. Arte you needing assistance setting up SNMP on the inside interface?
07-31-2023 12:12 PM
Apparently I do need assistance. I had a ticket open with Palo because I thought I needed to do something with service routes but that is for SNMP traps only I'm told. It isn't clear to me (other than some rule) why I can't get SNMP queries to work on the inside Ethernet1/17 interface. I didn't see the query hitting the traffic monitor so I'm not sure what is happening yet or if some rule is necessary.
Essentially I need Netflow and SNMP queries on the same Ethernet1/17 interface IP.
08-03-2023 06:44 AM
Either there is something unique to my situation or I'm missing something. I did open a ticket with Palo on this but spent some time on it and it is still a mystery why SNMP queries to the IP on interface Ethernet1/17 are not working. I can see ingress traffic to that IP from the machine making the query but there are never any return packets and packet captures likewise show the get request but no response. Hopefully support will have an answer and if so I'll post it here.
11-03-2023 03:39 PM
Has anyone found a solution to your problem? On mine, snmp works through the management interface. However, I don't want to use the management interface. Rather, I want to use it on the LAN interface.
I have ping, snmp, ssh and ssl enabled on my LAN interface via interface management under Network Profiles within Interfaces. I also have SNMP enabled from Device, Setup, Operations, SNMP Setup. And, I made the appropriate policy to accommodate that. While I can SSH into it and do an ARP lookup, it wouldn't work through a MIB Browser. It says SNMP not responding. Why does it work on management interface but not on LAN interface? I can get to my web GUI from LAN interface. Just not for SNMP queries. I'm hoping you got that resolved. Thanks!
11-06-2023 01:02 PM
To the best of my recollection, all I was missing was the enablement of the SNMP using the management profile on our inside trusted interface. I don't remember having to change anything after that to get it to work. Do you see it in the logs now that it is on the inside? (it plainly shows in my traffic logs once using the inside interface vs the mgmt interface)
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
