Device > Server Profiles > SNMP Trap
Table of Contents
Device > Server Profiles > SNMP Trap
Simple Network Management Protocol (SNMP) is a standard
protocol for monitoring the devices on your network. To alert you
to system events or threats on your network, monitored devices send
SNMP traps to SNMP managers (trap servers). Select or to configure the
server profile that enables the firewall or Panorama to send traps
to the SNMP managers. To enable SNMP GET messages (statistics requests
from an SNMP manager), see Enable
SNMP Monitoring.
After creating the server profile, you must specify which log
types will trigger the firewall to send SNMP traps (Device
> Log Settings). For a list of the MIBs that you must load
into the SNMP manager so it can interpret traps, see Supported MIBs
![]()
.
Don’t delete a server profile that any system log setting
or logging profile uses.
SNMP Trap Server Profile
Settings | Description |
|---|---|
Name | Enter a name for the SNMP profile (up to
31 characters). The name is case-sensitive and must be unique. Use
only letters, numbers, spaces, hyphens, and underscores. |
Location | Select the scope in which the profile is
available. In the context of a firewall that has more than one virtual
system (vsys), select a vsys or select Shared (all
virtual systems). In any other context, you can’t select the Location;
its value is predefined as Shared (firewalls) or as Panorama.
After you save the profile, you can’t change its Location. |
Version | Select the SNMP version: V2c (default)
or V3. Your selection controls the remaining
fields that the dialog displays. For either version, you can add
up to four SNMP managers. Use SNMPv3,
which provides authentication and other features to keep network
connections secure. |
For SNMP V2c | |
Name | Specify a name for the SNMP manager. The
name can have up to 31 characters that are alphanumeric, periods,
underscores, or hyphens. |
SNMP Manager | Specify the FQDN or IP address of the SNMP
manager. |
Community | Enter the community string, which identifies
an SNMP community of SNMP managers and monitored devices
and also serves as a password to authenticate the community members
to each other during trap forwarding. The string can have up to
127 characters, accepts all characters, and is case-sensitive. Don’t use default community strings (don’t
set the community string to public or private).
Use unique community strings, which avoids conflicts if you use
multiple SNMP services. Because SNMP messages contain community
strings in clear text, consider the security requirements of your
network when defining community membership (administrator access). |
For SNMP V3 | |
Name | Specify a name for the SNMP manager. The
name can have up to 31 characters that are alphanumeric, periods,
underscores, or hyphens. |
SNMP Manager | Specify the FQDN or IP address of the SNMP
manager. |
User | Specify a username to identify the SNMP
user account (up to 31 characters). The username you configure on
the firewall must match the username configured on the SNMP manager. |
EngineID | Specify the engine ID of the firewall. When
an SNMP manager and the firewall authenticate to each other, trap
messages use this value to uniquely identify the firewall. If you
leave the field blank, the messages use the firewall serial number
as the EngineID. If you enter a value, it
must be in hexadecimal format, prefixed with 0x, and with another
10-128 characters to represent any number of 5-64 bytes (2 characters
per byte). For firewalls in a high availability (HA) configuration,
leave the field blank so that the SNMP manager can identify which
HA peer sent the traps; otherwise, the value is synchronized and
both peers will use the same EngineID. |
Auth Password | Specify the authentication password of the
SNMP user. The firewall uses the password to authenticate to the
SNMP manager. The password must be 8–256 characters and all characters
are allowed. |
Priv Password | Specify the privacy password of the SNMP
user. The password must be 8–256 characters and all characters are
allowed. |
Authentication Protocol | Select the Secured Hash Algorithm (SHA)
for the SNMP manager password. You can select SHA-1, SHA-224, SHA-256, SHA-384,
or SHA-512. |
Privacy Protocol | Select the Advanced Encryption Standard
(AES) for SNMP traps and responses to statistics requests. You can
select AES-128, AES-192, or AES-256. |