Configuring Firewall SNMP alerts / traps configuration in Zabbix

From Notes_Wiki

SNMP Monitoring and Trap Reception in Zabbix (Palo Alto Firewall)

Purpose: This document confirms that Zabbix supports SNMP-based monitoring and SNMP trap reception, and describes the steps followed to validate SNMP polling and trap capability using a Palo Alto firewall.

1. SNMP Package Installation

The required SNMP packages were installed on the Zabbix server:

Command used:

sudo apt install snmp snmptrapd -y

This enables:

- SNMP polling tools

- SNMP trap reception via UDP port 162


2. Zabbix SNMP Trapper Configuration

Verified SNMP trapper settings in Zabbix configuration:

File:

/etc/zabbix/zabbix_server.conf

Verified parameters:

StartSNMPTrapper=1

SNMPTrapperFile=/var/log/snmptrap/snmptrap.log

This confirms:

- SNMP trapper is enabled

- Trap logs are written to the specified file


3. SNMP Trap Listener Verification

Verified that the Zabbix server is listening on SNMP trap port (UDP 162):

Command:

ss -unlp | grep 162

Output confirms:

- UDP port 162 is listening on all interfaces (IPv4 and IPv6)

This confirms the server is technically ready to receive SNMP traps.


4. SNMP Trap Log Verification

Verified SNMP trap log file existence and permissions:

Command:

ls -l /var/log/snmptrap/snmptrap.log

Observed:

- File exists

- Owned by zabbix:zabbix

- Correct read/write permissions

This ensures Zabbix can process incoming traps.
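
The checks in steps 2 to 4 can be combined into one pre-flight function. This is an added example, not part of the original notes; the function names `conf_get` and `check_trapper` are hypothetical, and GNU `stat` is assumed (as on the Debian/Ubuntu host used here). It also fails when the trap file is world-writable, which the notes do not check explicitly.

```shell
#!/bin/sh
# Added example: pre-flight check for steps 2-4 (GNU stat assumed).

# Print the last uncommented value of KEY ($1) in a KEY=VALUE file ($2).
conf_get() {
    sed -n "s/^[[:space:]]*$1[[:space:]]*=[[:space:]]*//p" "$2" |
        sed 's/[[:space:]]*$//' | tail -n 1
}

# check_trapper [CONF] [OWNER]: OWNER is a user name or numeric uid (default zabbix).
# Returns 0 if all checks pass, 1 on a failed check, 2 if CONF is unreadable.
check_trapper() {
    conf=${1:-/etc/zabbix/zabbix_server.conf}
    owner=${2:-zabbix}
    rc=0
    [ -r "$conf" ] || { echo "FAIL: cannot read $conf"; return 2; }

    n=$(conf_get StartSNMPTrapper "$conf")
    if [ "$n" = 1 ]; then
        echo "OK: StartSNMPTrapper=1"
    else
        echo "FAIL: StartSNMPTrapper='${n:-unset}' (trapper not started)"; rc=1
    fi

    log=$(conf_get SNMPTrapperFile "$conf")
    [ -n "$log" ] || { echo "FAIL: SNMPTrapperFile not set"; return 1; }
    [ -f "$log" ] || { echo "FAIL: $log does not exist"; return 1; }

    # Resolve OWNER to a uid; fall back to the literal value if it is already numeric.
    want=$(id -u "$owner" 2>/dev/null) || want=$owner
    have=$(stat -c %u "$log")
    if [ "$have" = "$want" ]; then
        echo "OK: $log owned by uid $have"
    else
        echo "FAIL: $log owned by uid $have, expected $owner"; rc=1
    fi

    # A world-writable trap file lets any local account append forged traps.
    mode=$(stat -c %a "$log")
    case "$mode" in
        *[2367]) echo "FAIL: $log is world-writable (mode $mode)"; rc=1 ;;
        *)       echo "OK: $log mode $mode" ;;
    esac
    return $rc
}
```

Source the file and run `check_trapper` with no arguments on the Zabbix server to use the paths and owner shown in these notes.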

- SNMP was enabled on the Palo Alto firewall for the Zabbix server IP.

- Confirmation received from Network Team that SNMP is enabled on firewall.

5. SNMP Polling Validation (Active Monitoring)

To validate SNMP polling:

- Palo Alto firewall template was downloaded from:

https://github.com/zabbix/community-templates

- Template imported into Zabbix

- Host created with:

  - Management interface IP of firewall

  - SNMP interface selected

  - Palo Alto SNMP template linked

Result:

- SNMP interface status turned green

- Metrics started populating in Zabbix

6. Trigger Validation

A High CPU Utilization trigger was configured.

Testing method:

- Threshold temporarily reduced to 10%

- Current CPU was ~16%

Result:

- Zabbix immediately generated a PROBLEM alert

- Alert was visible in dashboard

Threshold was later restored to normal value (90%).

This confirms:

- SNMP polling is working

- Triggering logic works correctly


7. SNMP Trap Behavior Clarification

- SNMP traps are NOT generated continuously

- Traps are generated only for specific events, such as:

  - Hardware failure

  - Interface up/down

  - Critical system events

Normal operational states generate logs but may not generate traps.

This behavior is device-specific and expected.

Trap Testing Status

At present:

- Zabbix trap listener is active

- Firewall is configured to send traps

- No critical trap condition was triggered yet


8. Conclusion

Confirmed:

- Zabbix supports SNMP polling

- Zabbix supports SNMP trap reception

- SNMP polling from Palo Alto firewall is working

- Zabbix triggers based on SNMP data are working

- Zabbix server is ready to receive SNMP traps