Palo Alto Firewall
Introduction
The Palo Alto Networks Firewall Monitoring Observability (O11y) solution aims to provide detailed insights and comprehensive visibility into firewall infrastructure, leveraging the Simple Network Management Protocol (SNMP).
Getting Started
Compatibility
PaloAlto Firewall O11ySource supports SNMP versions v1, v2c and v3.
Data Collection Method
vuSmartMaps collects the availability data for PaloAlto Firewall O11ySource using an internal data collector and collects data based on the source configuration.
NOTE: SNMP Polling O11ySource has to be enabled and configured before enabling PaloAlto Firewall O11ySource.
Prerequisites
Dependent Configuration
To configure this O11ySource, create a 'credential' of type 'snmp' under the 'Definition' tab.
Inputs for Configuring Data Source
- Group Name: This field is for grouping devices for SNMP polling, making it easier to manage devices with common characteristics or within the same network segment.
- No. of Retries: Number of times the system should reattempt polling if the initial attempt fails. Default is 7 retries.
- Timeout Duration: How long the system should wait for a response from a device before considering the attempt unsuccessful. Default timeout is 5 seconds.
Devices
- Device IP: Enter the IP address of the device.
- SNMP Credential: Select the SNMP credential from the dropdown list that corresponds to this device.
- Vendor: Select the vendor of the device from the dropdown list.
- Model: Select the model of the device from the dropdown list.
MIB Groups
- MIB Group: Select the MIB Group to poll, identifying the MIB OID to collect. Default: 'ALL_SUPPORTED_MIB_GROUPS'.
- Interval: Specify the polling interval in seconds. Default: 360 seconds.
Firewall Requirement
To collect data from this O11ySource, ensure the following ports are opened:
Source IP | Destination IP | Destination Port | Protocol | Direction |
---|---|---|---|---|
vuSmartMaps IP | IP address of the SNMP device | 161* | UDP | Outbound |
*Before providing the firewall requirements, please update the port based on the customer environment.
Configuring the Target
Configure SNMP on the PaloAlto Firewall devices and grant SNMP access permissions to the designated vuSmartMaps IP address.
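Before adding the device as a source, the firewall rule and the SNMP access grant described above can be checked from the vuSmartMaps host. The following is an added example, not vuSmartMaps or Palo Alto Networks code: it sends a hand-built SNMPv2c GetRequest for sysUpTime.0 using the retry and timeout defaults listed on this page. It assumes a v2c community-string credential (an SNMPv3 credential needs USM authentication and is not covered), and the function names are illustrative.

```python
import socket

SYS_UPTIME_OID = (1, 3, 6, 1, 2, 1, 1, 3, 0)  # sysUpTime.0 (MIB-II system group)

def tlv(tag, payload):
    """BER type-length-value; short-form length is enough for this small probe."""
    assert len(payload) < 128
    return bytes([tag, len(payload)]) + payload

def ber_int(n):
    # Non-negative INTEGER, sized to leave room for the sign bit
    return tlv(0x02, n.to_bytes((n.bit_length() + 8) // 8, "big"))

def ber_oid(oid):
    body = bytes([oid[0] * 40 + oid[1]])
    for arc in oid[2:]:
        chunk = [arc & 0x7F]
        while arc > 0x7F:                      # base-128, high bit marks continuation
            arc >>= 7
            chunk.insert(0, (arc & 0x7F) | 0x80)
        body += bytes(chunk)
    return tlv(0x06, body)

def get_request(community, request_id, oid=SYS_UPTIME_OID):
    """SNMPv2c GetRequest (PDU tag 0xA0) for one OID with a NULL value."""
    varbinds = tlv(0x30, tlv(0x30, ber_oid(oid) + tlv(0x05, b"")))
    pdu = tlv(0xA0, ber_int(request_id) + ber_int(0) + ber_int(0) + varbinds)
    return tlv(0x30, ber_int(1) + tlv(0x04, community.encode()) + pdu)

def is_get_response(reply):
    """True if reply is an SNMP message whose PDU is a GetResponse (tag 0xA2)."""
    # Assumes a short-form outer length, which holds for a single-varbind reply
    if len(reply) < 7 or reply[0] != 0x30 or reply[1] & 0x80 or reply[2] != 0x02:
        return False
    pos = 4 + reply[3]                         # skip the version INTEGER
    if pos + 1 >= len(reply) or reply[pos] != 0x04:
        return False
    pos += 2 + reply[pos + 1]                  # skip the community OCTET STRING
    return pos < len(reply) and reply[pos] == 0xA2

def probe(device_ip, community, port=161, retries=7, timeout=5.0):
    """Poll once plus `retries` reattempts; True as soon as the device answers."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        for attempt in range(1 + retries):
            try:
                sock.sendto(get_request(community, attempt + 1), (device_ip, port))
                reply, peer = sock.recvfrom(65535)
            except OSError:                    # timeout or ICMP unreachable
                continue
            if peer[0] == device_ip and is_get_response(reply):
                return True
    return False
```

Call `probe()` with the device IP and the community string from the SNMP credential; a `False` result after all attempts means the UDP port, the firewall's permitted-source setting, or the credential needs checking. SNMP v1 and v2c send the community string in cleartext, so run this only on the management path the poller itself uses.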
Configuration Steps
- Enable the PaloAlto Firewall O11ySource.
- Select the Sources tab and press the + button to add a new SNMP device to be monitored.
- Click on Save to create the instance.
Metrics Collected
Name | Description | Data Type |
---|---|---|
timestamp | Timestamp | DateTime64(3) |
target | IP of the Target Server | String |
host | IP of the Host | String |
hostname | Hostname of the target server | String |
tenant_id | Tenant Id | LowCardinality(String) |
bu_id | BU Id | LowCardinality(String) |
Data Type | Data Type | LowCardinality(String) |
Type | Type for each data | LowCardinality(String) |
DeviceIP | Device IP Address | IPv4 |
used | Storage used expressed in Allocation Units | UInt64 |
size | Storage size expressed in Allocation Units | UInt64 |
unit | Indicates the memory allocation unit. Always indicates bytes for network devices | UInt32 |
index | CPU Index | String |
name | CPU Name | String |
pansession | Number of active sessions | UInt32 |
pan_session_tcp | Number of active TCP sessions | UInt32 |
pan_session_udp | Number of active UDP sessions | UInt32 |
pan_session_icmp | Number of active ICMP sessions | UInt32 |
pansessionutilization | Session Utilization | Float32 |
pansyshamode | High Availability mode | LowCardinality(String) |
pansyshapeerstate | High Availability Peer State | LowCardinality(String) |
pansyshastate | High Availability State | LowCardinality(String) |
flow_dos_blk_hw_entries | Number of entries in DOS hardware Block Table | UInt64 |
flow_dos_blk_num_entries | Number of entries in DOS Block Table | UInt64 |
flow_dos_blk_sw_entries | Number of entries in DOS Software Block Table | UInt64 |
flow_dos_drop_ip_blocked | Packets Dropped - Flagged for Blocking | UInt64 |
flow_dos_rule_drop | Packets Dropped - Rate Limited or IP Blocked | UInt64 |
flow_policy_deny | Session Setup Denied by policy | UInt64 |