You can use an SNMP manager to monitor event-driven
alerts and operational statistics for the firewall, Panorama, or
WF-500 appliance and for the traffic they process. The statistics
and traps can help you identify resource limitations, system changes or
failures, and malware attacks. You configure alerts by forwarding
log data as traps, and enable the delivery of statistics in response
to GET messages (requests) from your SNMP manager. Each trap and
statistic has an object identifier (OID). Related OIDs are organized
hierarchically within the Management Information Bases (MIBs) that
you load into the SNMP manager to enable monitoring.
When an event triggers SNMP trap generation (for example,
an interface goes down), the firewall, Panorama virtual appliance,
M-Series appliance, and WF-500 appliance respond by updating the
corresponding SNMP object (for example, the interfaces MIB) instead
of waiting for the periodic update of all objects that occurs every
ten seconds. This ensures that your SNMP manager displays the latest
information when polling an object to confirm an event.
The firewall, Panorama, and WF-500 appliance support SNMP Version
2c and Version 3. Decide which to use based on the version that
other devices in your network support and on your network security
requirements. SNMPv3 is more secure and enables more granular access
control for system statistics than SNMPv2c. The following table
summarizes the security features of each version. You select the version
and configure the security features when you Monitor
Statistics Using SNMP and Forward
Traps to an SNMP Manager.
SNMPVersion
Authentication
Message Privacy
MessageIntegrity
MIB Access Granularity
SNMPv2c
Community string
No (cleartext)
No
SNMP community access for all MIBs on a
device
SNMPv3
EngineID, username, and authentication password
(SHA hashing for the password)
Privacy password for AES (128, 192, or 256) encryption
of SNMP messages
Yes
User access based on views that include
or exclude specific OIDs
SNMP
Implementation illustrates a deployment in which firewalls
forward traps to an SNMP manager while also forwarding logs to Log
Collectors. Alternatively, you could configure the Log Collectors
to forward the firewall traps to the SNMP manager. For details on
these deployments, refer to Log Forwarding Options in Centralized Logging
and Reporting. In all deployments, the SNMP manager gets
statistics directly from the firewall, Panorama, or WF-500 appliance.
In this example, a single SNMP manager collects both traps and statistics,
though you can use separate managers for these functions if that
better suits your network.