SNMP response on two interfaces? Possible?

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements

SNMP response on two interfaces? Possible?

L4 Transporter

I'm configuring NetFlow on our PA-5200. I'm collecting the data in What's Up Gold.  WUG has a limitations (it appears) that the NetFlow IP that I use for the IP address also has to be respond via SNMP on the same address.  However, the PA-5200 cannot send NetFlow traffic out its MGMT interface so I'm using our inside trusted interface to send Netflow traffic. 

 

Can I configure our inside network interface IP to respond to SNMP queries while leaving the SNMP working on the MGMT interface?

 

I don't want to change the SNMP interface/IP used in our Service Route config because we already have other devices talking to that interface and I don't want to have to reconfigure other SNMP tools.  I'm hoping this is possible.

 

5 REPLIES 5

Community Team Member

Hi @TonyDeHart ,

 

You can configure your inside network interface IP on the PA-5200 to respond to SNMP queries while leaving SNMP working on the MGMT interface. Arte you needing assistance setting up SNMP on the inside interface?

LIVEcommunity team member
Stay Secure,
Jay
Don't forget to Like items if a post is helpful to you!

Please help out other users and “Accept as Solution” if a post helps solve your problem !

Read more about how and why to accept solutions.

L4 Transporter

Apparently I do need assistance. I had a ticket open with Palo because I thought I needed to do something with service routes but that is for SNMP traps only I'm told.  It isn't clear to me (other than some rule) why I can't get SNMP queries to work on the inside Ethernet1/17 interface. I didn't see the query hitting the traffic monitor so I'm not sure what is happening yet or if some rule is necessary.

 

Essentially I need Netflow and SNMP queries on the same Ethernet1/17 interface IP.

L4 Transporter

Either there is something unique to my situation or I'm missing something. I did open a ticket with Palo on this but spent some time on it and it is still a mystery why SNMP queries to the IP on interface Ethernet1/17 are not working.  I can see ingress traffic to that IP from the machine making the query but there are never any return packets and packet captures likewise show the get request but no response.  Hopefully support will have an answer and if so I'll post it here.

Has anyone found a solution to your problem? On mine, snmp works through the management interface. However, I don't want to use the management interface. Rather, I want to use it on the LAN interface.

 

I have ping, snmp, ssh and ssl enabled on my LAN interface via interface management under Network Profiles within Interfaces. I also have SNMP enabled from Device, Setup, Operations, SNMP Setup. And, I made the appropriate policy to accommodate that. While I can SSH into it and do an ARP lookup, it wouldn't work through a MIB Browser. It says SNMP not responding. Why does it work on management interface but not on LAN interface? I can get to my web GUI from LAN interface. Just not for SNMP queries. I'm hoping you got that resolved. Thanks!

L4 Transporter

To the best of my recollection, all I was missing was the enablement of the SNMP using the management profile on our inside trusted interface. I don't remember having to change anything after that to get it to work.  Do you see it in the logs now that it is on the inside? (it plainly shows in my traffic logs once using the inside interface vs the mgmt interface)

  • 1260 Views
  • 5 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!