What are you using to implement SNMPv3?

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements

What are you using to implement SNMPv3?

L2 Linker

I'm taking on the task of setting up SNMPv3 on a firewall but will be starting from scratch with no tools, programs, scripts, etc. in place so I have a lot of flexibility (and also a lot of work ahead). I won't be doing traps but mostly looking at CPU and interface traffic. I would like to know what programs, etc. others are using so I can get an idea of what works well with Palo and where to begin.  Thanks!

2 accepted solutions

Accepted Solutions

@TLineberry

Ok, that's a reason.

Back to what you were asking, as also other software will need more ressources with v3, I think you should give PRTG a try: this software is able to do really a lot more than simple snmp queries (in case you need it sometime), nice design, easy overview over all your sensors, good reporting features, Map feature that allows you to create custom views for an even better overview (for example with your existing network layouts as interactive Map that shows you statusvalies of your devices and it's cheap compared to others.

 

Of course there are also good opensource software out there that you can get for free, but here others can maybe tell you more ... theres just one software that I remember that really does a great job in this category but does not look as ugly as most of the others ... and I hope I can remeber the name again ...  --> https://github.com/netdata/netdata

View solution in original post

Solarwinds Orion monitors with SNMPv3 just fine.  Depending on the PANOS version, the current versions use SHA-1 for Auth, and AES-128 for Privilege authentication.

 

 

root@Expedition:~# apt-get install snmp
After this operation, 4,792 kB of additional disk space will be used.
Do you want to continue? [Y/n] y
root@Expedition:~# which snmpwalk
/usr/bin/snmpwalk
root@Expedition:~# exit
logout
expedition@Expedition:~$ snmpwalk -v 3 -u snmpuser -l authPriv -a SHA -A AuthPassword -x AES -X PrivPassword 10.10.10.100

 

 

SNMPv3.png

 

 

I haven't restricted much with OID/Mask views.  If anyone has good resources on what constitutes a good SNMPv3 View on a PA...I'd sure be interested in your recipe.

View solution in original post

15 REPLIES 15

Cyber Elite
Cyber Elite

Hello,

I would say anything that can use SNMv3 woukd be compatible. That said I have used PRTG and Solarwinds with snmpv3.

 

Regards,

Question heading in this direction: What are reasons to use SNMPv3 instead of v2 to monitor a Paloalto firewall (read only access, strictly controlled sources that are allowed to send queries, controlled network that make spoofing attacks almost impossible,...)?

Specially PRTG consumes a lot more ressources with v3 instead of v2 when there are thousands of sensors...

Thank you both for the input! I have to use v3 to follow a baseline so I don’t have the option of v2 (unfortunately).

@TLineberry

Ok, that's a reason.

Back to what you were asking, as also other software will need more ressources with v3, I think you should give PRTG a try: this software is able to do really a lot more than simple snmp queries (in case you need it sometime), nice design, easy overview over all your sensors, good reporting features, Map feature that allows you to create custom views for an even better overview (for example with your existing network layouts as interactive Map that shows you statusvalies of your devices and it's cheap compared to others.

 

Of course there are also good opensource software out there that you can get for free, but here others can maybe tell you more ... theres just one software that I remember that really does a great job in this category but does not look as ugly as most of the others ... and I hope I can remeber the name again ...  --> https://github.com/netdata/netdata

Solarwinds Orion monitors with SNMPv3 just fine.  Depending on the PANOS version, the current versions use SHA-1 for Auth, and AES-128 for Privilege authentication.

 

 

root@Expedition:~# apt-get install snmp
After this operation, 4,792 kB of additional disk space will be used.
Do you want to continue? [Y/n] y
root@Expedition:~# which snmpwalk
/usr/bin/snmpwalk
root@Expedition:~# exit
logout
expedition@Expedition:~$ snmpwalk -v 3 -u snmpuser -l authPriv -a SHA -A AuthPassword -x AES -X PrivPassword 10.10.10.100

 

 

SNMPv3.png

 

 

I haven't restricted much with OID/Mask views.  If anyone has good resources on what constitutes a good SNMPv3 View on a PA...I'd sure be interested in your recipe.

Thank you both (I tried to accept them both as solutions). This has been very helpful! 

Hi @JW6224

 

I'm trying to fix SNMPv3 between PA3020 PANOS 8.1.1 and solarwinds orion without success.

 

once I change the netflow defult route it works for 10 minutes and stops, when I change back to default it do the same, works for 10 minutes and stops.

 

also for the orion side I see limtied information can't drill to more details by clicking on the IP address.

 

which PANOS you are using? and can you share the configuration or articles you were using?

 

thank you.

Hello,

Sounds like you might have two issues going on maybe. 

 

SNMP v3: To provide access to all management information, use the top-level OID 1.3.6.1, set the Mask to 0xf0, and set the matching Option to include.

 

https://www.paloaltonetworks.com/documentation/80/pan-os/web-interface-help/device/device-setup-oper...

 

Then in Solarwinds, you need to 'List Resources' for the PAN node and do a 'Force Refresh'. This should list everything for the PAN.

 

NETFLOW: Make sure you have the correct destination IP and port. Then in the 'service route configuration' make sure its going out the correct interface (management port by default) allong with any security policies to allow the traffic.

 

Hope that helps.

Hi @OtakarKlier

 

I changed according to your reply and there was a little chnage.

 

There are still time gaps in the netflow data and it’s still not showing me end node talker data.

 

do you familiar with it?

 

Thank you.

L3 Networker

I still have problem using solarwinds orion with palo alto, I can see limited information.

 

can't drill down to top conversation which show me: Data is not available.

 

I also use this article and added all the choices:

 

https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClaSCAS

 

thank you for the help.

 

2018_12_21_10_59_59_.jpg

Hello,

Are you sending you netflow data from the PAN to SolarWinds? Is it getting sourced from your management interface are there any drops or denies listed in the logs?

 

Regards,

@OtakarKlier

 

Yes I'm trying to send netflow data to solarwinds orion.

 

I'm using Default service route configuration, when I change the default route or revert beack to default setting it suddly work for few minutes and stop again.

 

On logs I don't see traffic from palo alto to solarwinds IP I guess because it's using mgmt interface.

 

thank you.

Hmm, sounds like it could be on the SW side of this. If you open a case with them they will want to see pcaps from the server verifying you are getting the flow from the PAN.

 

What protocol and port si the PAN using to send the netflow? By default, SW uses udp port 2055.

https://support.solarwinds.com/Success_Center/Netflow_Traffic_Analyzer_(NTA)/Knowledgebase_Articles/...

 

Check out the link and see if the flow is making it to the SW server.

@OtakarKlier

 

SW is receiving the traffic from palo alto but is limited, I can’t drill down in the information.

 

I see 1-2 levels of information, when I want to get more details on the traffic and endpoints it show me the error.

  • 2 accepted solutions
  • 13164 Views
  • 15 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!