PathSolutions has built in support for the Palo Alto API to complete the information missing from regular SNMP interrogation on Palo Alto Network devices.


Information Gathered by the API and Not available from regular SNMP Communications:

  • Interface IP Addresses and Subnets 
  • Device Routing Table 
  • Device Arp Cache Data


Prerequisites:

SNMP Access is enabled on the Palo Alto Firewall

   Palo Alto Web UI:    Device -> Setup -> Operations -> Miscellaneous -> SNMP Setup

Account Created (or use existing account) on Palo Alto Networks Firewall

   Palo Alto Web UI:   Device -> Administrators

    Role Required:  Superuser (Read-Only)

Access From TotalView Host to Palo Alto Firewall

    SNMP v2c or v3 (Read Only) 

    SSH Access ( For Device Backup and Account Validation)

    SSL (443) Access for API Communications


Procedure to Setup 

Make sure TotalView is correctly Connected to the Palo Alto Firewall via SNMP

   Config Tool

       Devices Tab

       Palo Alto Firewall is Configured and Hostname and Interface Count present

       Apply or OK to save changes and restart the service

Define Credentials to use to Connect to the Firewall

    Config Tool (Red Tool Box)

        Backup Tab

            Authorization Tab

                If not already Setup..  Define a Authorization Password

            Credentials Tab

                Define Username and Password

             Devices Tab

                Define the Fire

           (Optional)  Schedule Tab

               Define the schedule for Backing up the Firewall

               Set script to use to Backup the Firewall

               (Optional) Set the Syslog String to used for a Syslog Triggered Backup

       Apply or OK to save changes and Restart the TotalView Service

Validate Information is being gathered

Connect to TotalView Web UI

   Network -> Devices Tab

       Select Palo Alto Firewall

       Review Interface IP Information

       Scroll Down to Display Firewall Routing Table



Troubleshooting:

On TotalView Host

Open Web Browser  and connect to Palo Alto Firewall

   Confirm Username and Password work for Login

   Confirm Password Is not Expired or Change Required