DX NetOps

  • Private Community
 View Only

  • 1.  Palo Alto Firewalls dont display Interface IP's

    Posted Aug 02, 2017 01:39 PM

    Hi All,

    We have Juniper and Cisco firewalls in our network and if you enter an IP address that's on one of its interfaces the locater will find the modeled device by the interface IP.  However, we have started deploying Palo Alto firewalls and I have noticed that the IP's on the interfaces of the firewall (not the local host IP) are not showing up in Spectrum, so when I use locator to find an IP on the interface of that firewall it cant find the device model. Is there a patch or workaround to get these interfaces to display their IP's?

     

     

    TIA



  • 2.  Re: Palo Alto Firewalls dont display Interface IP's
    Best Answer

    Posted Aug 02, 2017 01:51 PM

    Patrick,

     

    Spectrum reads the ipAddrTable and ipAddressTable mibs to determine the ip addresses configured on the device and the interfaces where those ip addresses are configured. For the interfaces where those ip addresses are configured, Spectrum reads the ipAdEntIfIndex attribute from the ipAddrTable and the ipAddressIfIndex attribute from the ipAddressTable.

     

    Please use MIB Tools to check if these devices are populating these tables and attributes.

     

    Joe



  • 3.  Re: Palo Alto Firewalls dont display Interface IP's

    Posted Aug 02, 2017 02:00 PM

    I query those entries and get nothing.



  • 4.  Re: Palo Alto Firewalls dont display Interface IP's

    Posted Aug 02, 2017 02:03 PM

    I suspect that is the issue. 

     

    Joe



  • 5.  Re: Palo Alto Firewalls dont display Interface IP's

    Posted Aug 02, 2017 02:06 PM

    Is this on the Spectrum Side or a MIB issue?



  • 6.  Re: Palo Alto Firewalls dont display Interface IP's

    Posted Aug 02, 2017 02:08 PM

    This is on the device side. Spectrum and MIB Tools reads that data directly from the device. Sounds like these tables are empty on the device.

     

    Joe