1.5.1 Ensure 'V3' is selected for SNMP polling

Information

For SNMP polling, only SNMPv3 should be used.
Rationale:
SNMPv3 utilizes AES-128 encryption, message integrity, user authorization, and device authentication security features. SNMPv2c does not provide these security features. If an SNMPv2c community string is intercepted or otherwise obtained, an attacker could gain read access to the firewall. Note that SNMP write access is not possible.

Solution

Navigate to Device > Setup > Operations > Miscellaneous > SNMP Setup
Select V3.
or
To remediate this setting, execute the following CLI command:
[email protected]#set deviceconfig system snmp-setting access-setting version v3

Default Value:
Not configured

See Also

https://workbench.cisecurity.org/files/1780

Item Details

Category: CONFIGURATION MANAGEMENT

References: 800-53|CM-6b., CSCv6|3.4, CSCv6|9.1, CSCv6|14.2

Plugin: Palo_Alto

Control ID: 73d7baec6f73a793977699f4ac7807a003959d0ffc33ec8dbc930ae178fad8ae