1.5.1 Ensure 'V3' is selected for SNMP polling

Information

For SNMP polling, only SNMPv3 should be used.
Rationale:
SNMPv3 utilizes AES-128 encryption, message integrity, user authorization, and device authentication security features. SNMPv2c does not provide these security features. If an SNMPv2c community string is intercepted or otherwise obtained, an attacker could gain read access to the firewall. Note that SNMP write access is not possible.

Solution

Navigate to Device > Setup > Operations > Miscellaneous > SNMP Setup
Select V3.
Default Value:
Not configured

See Also

https://workbench.cisecurity.org/files/1664

Item Details

Category: CONFIGURATION MANAGEMENT

References: 800-53|CM-6b., CSCv6|3.4, CSCv6|9.1, CSCv6|14.2

Plugin: Palo_Alto

Control ID: efb4814fa5cd26a5f585d32d3a0bcb3bc48dadc424da4f63eb231f9fc3877491