Supported MIBs
The following table lists the Simple Network Management Protocol (SNMP) management information bases (MIBs) that Palo Alto Networks firewalls, Panorama, and WF-500 appliances support. You must load these MIBs into your SNMP manager to monitor the objects (system statistics and traps) that are defined in the MIBs. For details, see Use an SNMP Manager to Explore MIBs and Objects.
MIB Type | Supported MIBs
Standard—The Internet Engineering Task Force (IETF) maintains most standard MIBs. You can download the MIBs from the IETF website. Palo Alto Networks firewalls, Panorama, and WF-500 appliances don’t support every object (OID) in every one of these MIBs. See the Supported MIBs links for an overview of the supported OIDs. | MIB-II, IF-MIB, HOST-RESOURCES-MIB, ENTITY-MIB, ENTITY-SENSOR-MIB, ENTITY-STATE-MIB, IEEE 802.3 LAG MIB, LLDP-V2-MIB.my, BFD-STD-MIB
Enterprise—You can download the enterprise MIBs from the Palo Alto Networks Technical Documentation portal. | PAN-COMMON-MIB.my, PAN-GLOBAL-REG-MIB.my, PAN-GLOBAL-TC-MIB.my, PAN-LC-MIB.my, PAN-PRODUCT-MIB.my, PAN-ENTITY-EXT-MIB.my, PAN-TRAPS.my
MIB-II
MIB-II provides object identifiers (OIDs) for network management protocols in TCP/IP-based networks. Use this MIB to monitor general information about systems and interfaces. For example, you can analyze trends in bandwidth usage by interface type (ifType object) to determine if the firewall needs more interfaces of that type to accommodate spikes in traffic volume.
Palo Alto Networks firewalls, Panorama, and WF-500 appliances support only the following object groups:
Object Group | Description
system | Provides system information such as the hardware model, system uptime, FQDN, and physical location.
interfaces | Provides statistics for physical and logical interfaces such as type, current bandwidth (speed), operational status (for example, up or down), and discarded packets. Logical interface support includes VPN tunnels, aggregate groups, Layer 2 subinterfaces, Layer 3 subinterfaces, loopback interfaces, and VLAN interfaces.
RFC 1213 defines this MIB.
IF-MIB
IF-MIB supports interface types (physical and logical) and larger counters (64K) beyond those defined in MIB-II. Use this MIB to monitor interface statistics in addition to those that MIB-II provides. For example, to monitor the current bandwidth of high-speed interfaces (greater than 2.2Gbps) such as the 10G interfaces of the PA-5000 Series firewalls, you must check the ifHighSpeed object in IF-MIB instead of the ifSpeed object in MIB-II. IF-MIB statistics can be useful when evaluating the capacity of your network.
Palo Alto Networks firewalls, Panorama, and WF-500 appliances support only the ifXTable in IF-MIB, which provides interface information such as the number of multicast and broadcast packets transmitted and received, whether an interface is in promiscuous mode, and whether an interface has a physical connector.
RFC 2863 defines this MIB.
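The capacity check described above, as an added example (not from the original documentation): it computes inbound utilization from two polls of one interface, taking bandwidth from ifHighSpeed and traffic from the ifXTable counter ifHCInOctets. The poll values are constructed, and the saturated ifSpeed reading follows the RFC 2863 definition rather than any observed firewall output.

```python
COUNTER64_MOD = 2 ** 64  # ifHCInOctets is a Counter64 and wraps at 2^64


def link_speed_bps(if_speed, if_high_speed):
    """Interface bandwidth in bits per second.

    ifHighSpeed (ifXTable) is in units of 1,000,000 bit/s; ifSpeed (MIB-II)
    is a 32-bit gauge in bit/s. Prefer ifHighSpeed whenever it is non-zero.
    """
    return if_high_speed * 1_000_000 if if_high_speed else if_speed


def counter_delta(prev, curr):
    """Octets received between two polls, tolerating one Counter64 wrap."""
    return (curr - prev) % COUNTER64_MOD


def inbound_utilization_pct(prev_poll, curr_poll, use_high_speed=True):
    """Percent inbound utilization between two polls of the same interface."""
    interval = curr_poll["time"] - prev_poll["time"]
    if interval <= 0:
        raise ValueError("polls must be in chronological order")
    high = curr_poll["ifHighSpeed"] if use_high_speed else 0
    speed = link_speed_bps(curr_poll["ifSpeed"], high)
    if speed == 0:
        raise ValueError("interface reports no bandwidth")
    bits = 8 * counter_delta(prev_poll["ifHCInOctets"], curr_poll["ifHCInOctets"])
    return 100 * bits / (interval * speed)


# Constructed polls of a 10G interface, 60 seconds apart. ifSpeed is pinned at
# the 32-bit maximum, and the octet counter wraps between the two polls.
POLL_1 = {"time": 0, "ifSpeed": 4294967295, "ifHighSpeed": 10000,
          "ifHCInOctets": 2 ** 64 - 5_000_000_000}
POLL_2 = {"time": 60, "ifSpeed": 4294967295, "ifHighSpeed": 10000,
          "ifHCInOctets": 10_000_000_000}

if __name__ == "__main__":
    print("with ifHighSpeed: %.1f%%" % inbound_utilization_pct(POLL_1, POLL_2))
    print("with ifSpeed only: %.1f%%"
          % inbound_utilization_pct(POLL_1, POLL_2, use_high_speed=False))
```

Using ifSpeed alone on this sample more than doubles the apparent utilization, which is the kind of error that distorts capacity planning.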
HOST-RESOURCES-MIB
HOST-RESOURCES-MIB provides information for host computer resources. Use this MIB to monitor CPU and memory usage statistics. For example, checking the current CPU load (hrProcessorLoad object) can help you troubleshoot performance issues on the firewall.
Palo Alto Networks firewalls, Panorama, and WF-500 appliances support portions of the following object groups:
Object Group | Description
hrDevice | Provides information such as CPU load, storage capacity, and partition size. The hrProcessorLoad OIDs provide an average of the cores that process packets. For the PA-5060 firewall, which has multiple dataplanes (DPs), the average is of the cores across all the three DPs that process packets.
hrSystem | Provides information such as system uptime, number of current user sessions, and number of current processes.
hrStorage | Provides information such as the amount of used storage.
RFC 2790 defines this MIB.
ENTITY-MIB
ENTITY-MIB provides OIDs for multiple logical and physical components. Use this MIB to determine what physical components are loaded on a system (for example, fans and temperature sensors) and see related information such as models and serial numbers. You can also use the index numbers for these components to determine their operational status in the ENTITY-SENSOR-MIB and ENTITY-STATE-MIB.
Palo Alto Networks firewalls, Panorama, and WF-500 appliances support only portions of the entPhysicalTable group:
Object | Description
entPhysicalIndex | A single namespace that includes disk slots and disk drives.
entPhysicalDescr | The component description.
entPhysicalVendorType | The sysObjectID (see PAN-PRODUCT-MIB.my) when it is available (chassis and module objects).
entPhysicalContainedIn | The value of entPhysicalIndex for the component that contains this component.
entPhysicalClass | Chassis (3), container (5) for a slot, power supply (6), fan (7), sensor (8) for each temperature or other environmental sensor, and module (9) for each line card.
entPhysicalParentRelPos | The relative position of this child component among its sibling components. Sibling components are defined as entPhysicalEntry components that share the same instance values of each of the entPhysicalContainedIn and entPhysicalClass objects.
entPhysicalName | Supported only if the management (MGT) interface allows for naming the line card.
entPhysicalHardwareRev | The vendor-specific hardware revision of the component.
entPhysicalFirmwareRev | The vendor-specific firmware revision of the component.
entPhysicalSoftwareRev | The vendor-specific software revision of the component.
entPhysicalSerialNum | The vendor-specific serial number of the component.
entPhysicalMfgName | The name of the manufacturer of the component.
entPhysicalMfgDate | The date when the component was manufactured.
entPhysicalModelName | The disk model number.
entPhysicalAlias | An alias that the network manager specified for the component.
entPhysicalAssetID | A user-assigned asset tracking identifier that the network manager specified for the component.
entPhysicalIsFRU | Indicates whether the component is a field replaceable unit (FRU).
entPhysicalUris | The Common Language Equipment Identifier (CLEI) number of the component (for example, URN:CLEI:CNME120ARA).
RFC 4133 defines this MIB.
ENTITY-SENSOR-MIB
ENTITY-SENSOR-MIB adds support for physical sensors of networking equipment beyond what ENTITY-MIB defines. Use this MIB in tandem with the ENTITY-MIB to monitor the operational status of the physical components of a system (for example, fans and temperature sensors). For example, to troubleshoot issues that might result from environmental conditions, you can map the entity indexes from the ENTITY-MIB (entPhysicalDescr object) to operational status values (entPhySensorOperStatus object) in the ENTITY-SENSOR-MIB. In the following example, all the fans and temperature sensors for a PA-3020 firewall are working:
The same OID might refer to different sensors on different platforms. Use the ENTITY-MIB for the targeted platform to match the value to the description.
Palo Alto Networks firewalls, Panorama, and WF-500 appliances support only portions of the entPhySensorTable group. The supported portions vary by platform and include only thermal (temperature in Celsius) and fan (in RPM) sensors.
RFC 3433 defines the ENTITY-SENSOR-MIB.
ENTITY-STATE-MIB
ENTITY-STATE-MIB provides information about the state of physical components beyond what ENTITY-MIB defines, including the administrative and operational state of components in chassis-based platforms. Use this MIB in tandem with the ENTITY-MIB to monitor the operational state of the components of a PA-7000 Series firewall (for example, line cards, fan trays, and power supplies). For example, to troubleshoot log forwarding issues for Threat logs, you can map the log processing card (LPC) indexes from the ENTITY-MIB (entPhysicalDescr object) to operational state values (entStateOper object) in the ENTITY-STATE-MIB. The operational state values use numbers to indicate state: 1 for unknown, 2 for disabled, 3 for enabled, and 4 for testing. The PA-7000 Series firewall is the only Palo Alto Networks firewall that supports this MIB.
RFC 4268 defines the ENTITY-STATE-MIB.
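The index mapping described in the ENTITY-SENSOR-MIB and ENTITY-STATE-MIB sections, as an added example (not from the original documentation): it joins entPhysicalDescr with entPhySensorOperStatus and entStateOper on entPhysicalIndex and reports every component that is not ok or enabled. The walk output and component descriptions are constructed; the column OIDs and the sensor status names come from RFC 4133, RFC 3433 and RFC 4268. Because descriptions are read from the same device, the join stays correct when the same OID refers to different sensors on different platforms.

```python
import re

ENT_PHYSICAL_DESCR = "1.3.6.1.2.1.47.1.1.1.1.2"   # ENTITY-MIB
ENT_PHY_SENSOR_OPER = "1.3.6.1.2.1.99.1.1.1.5"    # ENTITY-SENSOR-MIB
ENT_STATE_OPER = "1.3.6.1.2.1.131.1.1.1.3"        # ENTITY-STATE-MIB

SENSOR_STATUS = {1: "ok", 2: "unavailable", 3: "nonoperational"}
STATE_OPER = {1: "unknown", 2: "disabled", 3: "enabled", 4: "testing"}

# Constructed sample of numeric walk output (not captured from a real device).
SAMPLE_WALK = '''\
.1.3.6.1.2.1.47.1.1.1.1.2.1 = STRING: "Example chassis"
.1.3.6.1.2.1.47.1.1.1.1.2.2 = STRING: "Fan #1 RPM"
.1.3.6.1.2.1.47.1.1.1.1.2.3 = STRING: "Temperature near CPU"
.1.3.6.1.2.1.47.1.1.1.1.2.4 = STRING: "Log processing card"
.1.3.6.1.2.1.99.1.1.1.5.2 = INTEGER: ok(1)
.1.3.6.1.2.1.99.1.1.1.5.3 = INTEGER: 3
.1.3.6.1.2.1.131.1.1.1.3.4 = INTEGER: disabled(2)
'''

LINE = re.compile(r'^\.?([\d.]+)\s*=\s*(\w+):\s*(.*)$')


def parse_walk(text):
    """Return {column_oid: {entPhysicalIndex: value}} for the three columns."""
    tables = {ENT_PHYSICAL_DESCR: {}, ENT_PHY_SENSOR_OPER: {}, ENT_STATE_OPER: {}}
    for line in text.splitlines():
        m = LINE.match(line.strip())
        if not m:
            continue
        oid, vtype, value = m.groups()
        column, _, index = oid.rpartition(".")
        if column not in tables:
            continue
        if vtype == "STRING":
            tables[column][int(index)] = value.strip('"')
        else:  # accepts both "3" and "nonoperational(3)"
            tables[column][int(index)] = int(re.search(r'(\d+)\)?\s*$', value).group(1))
    return tables


def unhealthy_components(text):
    """List (index, description, object, state) for components needing attention."""
    t = parse_walk(text)
    checks = [(ENT_PHY_SENSOR_OPER, "entPhySensorOperStatus", SENSOR_STATUS, 1),
              (ENT_STATE_OPER, "entStateOper", STATE_OPER, 3)]
    findings = []
    for column, name, labels, healthy in checks:
        for idx, code in sorted(t[column].items()):
            if code != healthy:
                descr = t[ENT_PHYSICAL_DESCR].get(idx, "<no entPhysicalDescr>")
                findings.append((idx, descr, name, labels.get(code, "unrecognized(%d)" % code)))
    return findings
```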
IEEE 802.3 LAG MIB
Use the IEEE 802.3 LAG MIB to monitor the status of aggregate groups that have Link Aggregation Control Protocol (LACP) enabled. When the firewall logs LACP events, it also generates traps that are useful for troubleshooting. For example, the traps can tell you whether traffic interruptions between the firewall and an LACP peer resulted from lost connectivity or from mismatched interface speed and duplex values.
PAN-OS implements the following SNMP tables for LACP. Note that the dot3adTablesLastChanged object indicates the time of the most recent change to dot3adAggTable, dot3adAggPortListTable, and dot3adAggPortTable.
Table | Description
Aggregator Configuration Table (dot3adAggTable) | This table contains information about every aggregate group that is associated with a firewall. Each aggregate group has one entry. Some table objects have restrictions, which the dot3adAggIndex object describes. This index is the unique identifier that the local system assigns to the aggregate group. It identifies an aggregate group instance among the subordinate managed objects of the containing object. The identifier is read-only. The ifTable MIB (a list of interface entries) does not support logical interfaces and therefore does not have an entry for the aggregate group.
Aggregation Port List Table (dot3adAggPortListTable) | This table lists the ports associated with each aggregate group in a firewall. Each aggregate group has one entry. The dot3adAggPortListPorts attribute lists the complete set of ports associated with an aggregate group. Each bit set in the list represents a port member. For non-chassis platforms, this is a 64-bit value. For chassis platforms, the value is an array of eight 64-bit entries.
Aggregation Port Table (dot3adAggPortTable) | This table contains LACP configuration information about every port associated with an aggregate group in a firewall. Each port has one entry. The table has no entries for ports that are not associated with an aggregate group.
LACP Statistics Table (dot3adAggPortStatsTable) | This table contains link aggregation information about every port associated with an aggregate group in a firewall. Each port has one row. The table has no entries for ports that are not associated with an aggregate group.
The IEEE 802.3 LAG MIB includes the following LACP-related traps:
Trap Name | Description
panLACPLostConnectivityTrap | The peer lost connectivity to the firewall.
panLACPUnresponsiveTrap | The peer does not respond to the firewall.
panLACPNegoFailTrap | LACP negotiation with the peer failed.
panLACPSpeedDuplexTrap | The link speed and duplex settings on the firewall and peer do not match.
panLACPLinkDownTrap | An interface in the aggregate group is down.
panLACPLacpDownTrap | An interface was removed from the aggregate group.
panLACPLacpUpTrap | An interface was added to the aggregate group.
For the MIB definitions, refer to IEEE 802.3 LAG MIB.
LLDP-V2-MIB.my
Use the LLDP-V2-MIB to monitor Link Layer Discovery Protocol (LLDP) events. For example, you can check the lldpV2StatsRxPortFramesDiscardedTotal object to see the number of LLDP frames that were discarded for any reason. The Palo Alto Networks firewall uses LLDP to discover neighboring devices and their capabilities. LLDP makes troubleshooting easier, especially for virtual wire deployments where the ping or traceroute utilities won’t detect the firewall.
Palo Alto Networks firewalls support all the LLDP-V2-MIB objects except:
The following lldpV2Statistics objects: lldpV2StatsRemTablesLastChangeTime, lldpV2StatsRemTablesInserts, lldpV2StatsRemTablesDeletes, lldpV2StatsRemTablesDrops, lldpV2StatsRemTablesAgeouts
The following lldpV2RemoteSystemsData objects: the lldpV2RemOrgDefInfoTable table; in the lldpV2RemTable table, lldpV2RemTimeMark
RFC 4957 defines this MIB.
BFD-STD-MIB
Use the Bidirectional Forwarding Detection (BFD) MIB to monitor and receive failure alerts for the bidirectional path between two forwarding engines, such as interfaces, data links, or the actual engines. For example, you can check the bfdSessState object to see the state of a BFD session between forwarding engines. In the Palo Alto Networks implementation, one of the forwarding engines is a firewall interface and the other is an adjacent configured BFD peer.
RFC 7331 defines this MIB.
PAN-COMMON-MIB.my
Use the PAN-COMMON-MIB to monitor the following information for Palo Alto Networks firewalls, Panorama, and WF-500 appliances:
Object Group | Description
panSys | Contains such objects as system software/hardware versions, dynamic content versions, serial number, HA mode/state, and global counters. The global counters include those related to Denial of Service (DoS), IP fragmentation, TCP state, and dropped packets. Tracking these counters enables you to monitor traffic irregularities that result from DoS attacks, system or connection faults, or resource limitations. PAN-COMMON-MIB supports global counters for firewalls but not for Panorama.
panChassis | Chassis type and M-Series appliance mode (Panorama or Log Collector).
panSession | Session utilization information. For example, the total number of active sessions on the firewall or a specific virtual system.
panMgmt | Status of the connection from the firewall to the Panorama management server.
panGlobalProtect | GlobalProtect gateway utilization as a percentage, maximum tunnels allowed, and number of active tunnels.
panLogCollector | Log Collector information such as the logging rate, log database storage duration (in days), and RAID disk usage.
PAN-GLOBAL-REG-MIB.my
PAN-GLOBAL-REG-MIB.my contains global, top-level OID definitions for various sub-trees of Palo Alto Networks enterprise MIB modules. This MIB doesn’t contain objects for you to monitor; it is required only for referencing by other MIBs.
PAN-GLOBAL-TC-MIB.my
PAN-GLOBAL-TC-MIB.my defines conventions (for example, character length and allowed characters) for the text values of objects in Palo Alto Networks enterprise MIB modules. All Palo Alto Networks products use these conventions. This MIB doesn’t contain objects for you to monitor; it is required only for referencing by other MIBs.
PAN-LC-MIB.my
PAN-LC-MIB.my contains definitions of managed objects that Log Collectors (M-Series appliances in Log Collector mode) implement. Use this MIB to monitor the logging rate, log database storage duration (in days), and disk usage (in MB) of each logical disk (up to four) on a Log Collector. For example, you can use this information to determine whether you should add more Log Collectors or forward logs to an external server (for example, a syslog server) for archiving.
PAN-PRODUCT-MIB.my
PAN-PRODUCT-MIB.my defines sysObjectID OIDs for all Palo Alto Networks products. This MIB doesn’t contain objects for you to monitor; it is required only for referencing by other MIBs.
PAN-ENTITY-EXT-MIB.my
Use PAN-ENTITY-EXT-MIB.my in tandem with the ENTITY-MIB to monitor power usage for the physical components of a PA-7000 Series firewall (for example, fan trays and power supplies), which is the only Palo Alto Networks firewall that supports this MIB. For example, when troubleshooting log forwarding issues, you might want to check the power usage of the log processing cards (LPCs): you can map the LPC indexes from the ENTITY-MIB (entPhysicalDescr object) to values in the PAN-ENTITY-EXT-MIB (panEntryFRUModelPowerUsed object).
PAN-TRAPS.my
Use PAN-TRAPS.my to see a complete listing of all the generated traps and information about them (for example, a description). For a list of traps that Palo Alto Networks firewalls, Panorama, and WF-500 appliances support, refer to the PAN-COMMON-MIB.my > panCommonEvents > panCommonEventsEvents > panCommonEventEventsV2 object.
