On Mon, 18 May 2020 21:37:24 +0100 Edgar Matias <edgar.matias@fccn.pt> wrote:
> I recently added a Palo Alto firewall to the NAV to be monitored. This is the gateway for some VLAN.
> NAV lists all interfaces, but does not classify them as routing or switching ports. There are other things that are not recognized as power supply sensors, for example.
> I believe this is because the NAV does not have specific MIBs configured.

It depends. Some firewall products seem to be pretty picky about what they want to reveal using SNMP.
IP addresses and prefixes are normally fetched from the IP-MIB (IETF RFC 4293). Reading tech docs [1] at Palo Alto Networks homepage indicates that their products do not support this MIB explicitly.
However, it mentions support for MIB-II, which is defined by the ancient IETF RFC 1213 (March 1991). RFC 4293 redefines and updates the IP group of the original MIB-II (and in this version, the ipAddrTable object is deprecated in favor of an IP version agnostic table - which Palo Alto really should support if their products work with IPv6).
NAV does however support IP-MIB::ipAddrTable, which should be the same as RFC1213-MIB::ipAddrTable. I'd say you should monitor ipdevpoll.log for any error messages related to your firewalls, and verify that this information can actually be collected from the firewall. Something akin to `snmpwalk -v2c -c COMMUNITY FIREWALL-IP RFC1213-MIB::ipAddrTable`.
[1] https://docs.paloaltonetworks.com/pan-os/9-1/pan-os-admin/monitoring/snmp-mo...
> Great tool ;)
Thanks :)
-- sincerely, Morten Brekkevold Uninett
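
To check what the snmpwalk suggested above actually returns, the following added example (not part of the original message and not NAV's own code) parses net-snmp text output for ipAddrTable into address/prefix pairs per ifIndex, and fails loudly when the agent does not expose the table. The function name, sample output and addresses are constructed for illustration.

```python
import ipaddress
import re

# Matches rows such as "RFC1213-MIB::ipAdEntIfIndex.10.0.0.1 = INTEGER: 3".
# The table is indexed by the IPv4 address itself.
ROW = re.compile(
    r"^(?:RFC1213-MIB|IP-MIB)::(ipAdEnt\w+)\.(\d+\.\d+\.\d+\.\d+) = \w+: (\S+)"
)


def parse_ip_addr_table(walk_output):
    """Return {ifIndex: [IPv4Interface, ...]} from snmpwalk text output."""
    # net-snmp prints these markers when the agent lacks the object.
    if "No Such Object" in walk_output or "No Such Instance" in walk_output:
        raise LookupError("agent does not expose ipAddrTable")
    rows = {}
    for line in walk_output.splitlines():
        m = ROW.match(line.strip())
        if m:
            column, index, value = m.groups()
            rows.setdefault(index, {})[column] = value
    result = {}
    for addr, cols in rows.items():
        # A row is only usable if it maps the address to an interface and mask.
        if "ipAdEntIfIndex" not in cols or "ipAdEntNetMask" not in cols:
            continue
        iface = ipaddress.ip_interface(f"{addr}/{cols['ipAdEntNetMask']}")
        result.setdefault(int(cols["ipAdEntIfIndex"]), []).append(iface)
    if not result:
        raise LookupError("walk returned no usable ipAddrTable rows")
    return result


# Constructed sample output (documentation address ranges), not from a real device.
SAMPLE_WALK = """\
RFC1213-MIB::ipAdEntAddr.192.0.2.1 = IpAddress: 192.0.2.1
RFC1213-MIB::ipAdEntAddr.198.51.100.9 = IpAddress: 198.51.100.9
RFC1213-MIB::ipAdEntIfIndex.192.0.2.1 = INTEGER: 3
RFC1213-MIB::ipAdEntIfIndex.198.51.100.9 = INTEGER: 7
RFC1213-MIB::ipAdEntNetMask.192.0.2.1 = IpAddress: 255.255.255.0
RFC1213-MIB::ipAdEntNetMask.198.51.100.9 = IpAddress: 255.255.255.252
"""
SAMPLE_UNSUPPORTED = (
    "RFC1213-MIB::ipAddrTable = No Such Object available on this agent at this OID\n"
)

if __name__ == "__main__":
    for ifindex, addrs in sorted(parse_ip_addr_table(SAMPLE_WALK).items()):
        print(ifindex, ", ".join(str(a) for a in addrs))
```

An empty result or a `LookupError` here means the firewall is not handing out the address table at all, so the missing data is on the agent side rather than a missing MIB definition on the collector.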