Palo Alto Networks

Monitor Palo Alto Next-Generation Firewalls Virtual and Physical Appliances

This source has been deprecated

observIQ is in the process of transitioning a subset of BindPlane's monitoring capabilities to the observIQ OpenTelemetry Collector. As a result, this Source is no longer publicly available in BindPlane. If you need access to this Source, please reach out to our support via chat or via [email protected].

Data Collection Setup

Metrics are collected via the REST API running on PAN-OS.

Network Requirements

Port: 443 (TCP) HTTPS connection to the PAN-OS on the monitored firewall appliance.

Least Privileged User

The least-privileged user (LPU) must be assigned the Admin role and the following XML API permissions:

  • Operational Requests
  • Logs
  • Configuration

Assigning Palo Alto User Permissions

This topic outlines the required permissions for a Palo Alto Networks least-privileged user (LPU).

  1. Select Device -> Admin Roles to define your Admin Role profile.
  2. Select your defined Admin Role.
  3. In the Admin Role Profile window, click the XML API tab, and ensure Log, Configuration, and Operational Requests permissions are enabled.

Web UI and Command line permissions are not required.
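
An added example, not part of the original page or of BindPlane's code: a check that an exported Admin Role profile grants the three XML API permissions listed above and nothing else, including no Web UI or CLI access. The element names (`xmlapi`, `log`, `config`, `op`, `webui`, `cli`) and the `enable`/`read-only` values are assumptions about the PAN-OS configuration XML, and the sample profile is constructed.

```python
import xml.etree.ElementTree as ET

# XML API permissions the page requires, keyed by the element names assumed
# here for an exported PAN-OS Admin Role profile.
REQUIRED = {"log": "Logs", "config": "Configuration", "op": "Operational Requests"}

# Constructed sample profile: required permissions plus three extras.
SAMPLE_ROLE = """
<entry name="monitoring-lpu">
  <role><device>
    <xmlapi>
      <report>disable</report><log>enable</log><config>enable</config>
      <op>enable</op><commit>enable</commit><user-id>disable</user-id>
      <export>disable</export><import>disable</import>
    </xmlapi>
    <webui>
      <dashboard>enable</dashboard>
      <monitor><logs><traffic>disable</traffic></logs></monitor>
    </webui>
    <cli>superreader</cli>
  </device></role>
</entry>
"""

def _granted_leaves(node, path):
    """Paths of leaf elements whose value grants access (assumed values)."""
    children = list(node)
    if not children:
        return [path] if (node.text or "").strip() in ("enable", "read-only") else []
    return [p for c in children for p in _granted_leaves(c, f"{path}/{c.tag}")]

def audit_role(xml_text):
    """Return (missing, excess) relative to the permissions the page lists."""
    device = ET.fromstring(xml_text.strip()).find("./role/device")
    if device is None:
        raise ValueError("profile has no <role><device> section")
    xmlapi = {el.tag: (el.text or "").strip() for el in device.findall("./xmlapi/*")}
    missing = sorted(label for tag, label in REQUIRED.items() if xmlapi.get(tag) != "enable")
    excess = sorted(f"xmlapi/{t}" for t, v in xmlapi.items() if v == "enable" and t not in REQUIRED)
    webui = device.find("webui")
    if webui is not None:  # the page says Web UI access is not required
        excess += _granted_leaves(webui, "webui")
    cli = (device.findtext("cli") or "").strip()
    if cli:  # any CLI role is more than the page requires
        excess.append(f"cli={cli}")
    return missing, excess

if __name__ == "__main__":
    print(audit_role(SAMPLE_ROLE))
```

An empty `missing` list with a non-empty `excess` list means the collector will work but the account holds more access than the monitoring source needs.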

Supported Versions

Hardware: Palo Alto Next-Generation Firewall
Software: PAN-OS versions 7.1, 8.0 (Virtual and Hardware editions)

Connection Parameters

| Name | Required? | Description |
| --- | --- | --- |
| Host | Required | The Palo Alto Networks Next Generation Firewall to connect to. |
| Port | | The port for communication to the Palo Alto Networks Next Generation Firewall. |
| Username | Required | |
| Password | Required | |
| SSL Configuration | | The SSL mode to use when connecting to the target. Can be configured to not use SSL (No SSL), use SSL but do not verify the target's certificate (No Verify), and use SSL and verify the target's certificate (Verify). |
| Connection Timeout (seconds) | | The number of seconds to allow for connecting to the target. |
| Threat Event Keep Alive Time (hours) | | The time in hours to keep threat events alive. |
| Minimum Event Severity | | Events with a severity level below this minimum will not be returned. |

Metrics

Application

| Name | Description |
| --- | --- |
| Changes | Changes |
| Name | Name |
| Packet Throughput (Packets) | Packet Throughput |
| Sessions (Sessions) | Sessions |
| Threats | Threats |
| Throughput (Bytes) | Throughput |
| VSYS | VSYS |

Fan

| Name | Description |
| --- | --- |
| Alarm | Alarm |
| Minimum Speed (Rotations per Minute) | Minimum Speed |
| Name | Name |
| Slot | Slot |
| Speed (Rotations per Minute) | Speed |

Firewall

| Name | Description |
| --- | --- |
| Active BCAST (Sessions) | Active BCAST |
| Active BCAST Sessions (%) | Active BCAST sessions as a percent of active sessions |
| Active ICMP (Sessions) | Active ICMP |
| Active ICMP Sessions (%) | Active ICMP sessions as a percent of active sessions |
| Active MCAST (Sessions) | Active MCAST |
| Active MCAST Sessions (%) | Active MCAST sessions as a percent of active sessions |
| Active Predict (Sessions) | Active Predict |
| Active Predict Sessions (%) | Active predict sessions as a percent of active sessions |
| Active Sessions (Sessions) | Active Sessions |
| Active TCP (Sessions) | Active TCP |
| Active TCP Sessions (%) | Active TCP sessions as a percent of active sessions |
| Active UDP (Sessions) | Active UDP |
| Active UDP Sessions (%) | Active UDP sessions as a percent of active sessions |
| App Version | App Version |
| AV Version | AV Version |
| Average Load 15 Minutes | Average load over the last 15 minutes |
| Average Load 1 Minute | Average load over the last minute |
| Average Load 5 Minutes | Average load over the last 5 minutes |
| Buffer Memory (Kibibytes) | Buffer Memory |
| Connection Establish Rate (Connections per Second) | Connection Establish Rate |
| Control Plane Receive Rate (Packets per Second) | Received from Control Plane |
| CPU Busy (%) | CPU Busy |
| CPU Hardware Interrupts (%) | Percentage of CPU processing time spent servicing hardware interrupts. |
| CPU Idle (%) | Percentage of CPU processing time spent idle. |
| CPU Kernel Processes (%) | Percentage of CPU processing time spent running processes handled by the kernel. |
| CPU Niced User Space Processes (%) | Percentage of CPU processing time spent running user space processes that have been niced. |
| CPU Software Interrupts (%) | Percentage of CPU processing time spent servicing software interrupts. |
| CPU Stolen (%) | Percentage of CPU processing time spent waiting for the hypervisor to service another CPU. |
| CPU User Space Processes (%) | Percentage of CPU processing time spent running user space processes such as shells, web servers, and applications. |
| CPU Wait (%) | Percentage of CPU processing time spent waiting for an I/O operation to complete. |
| Data Plane CPU Utilization (%) | Data Plane CPU Utilization |
| Default Gateway | Default Gateway |
| Device Name | Device Name |
| Dropped (Packets) | Packets dropped: decapsulation error from control plane |
| Dropped Rate (Packets) | Packets dropped: decapsulation error from control plane |
| Family | Family |
| Free Memory (Kibibytes) | Free Memory |
| Global Protect Clientless VPN Version | Global Protect Clientless VPN Version |
| Global Protect Datafile Version | Global Protect Datafile Version |
| High Availability Anti-Virus Compatibility | High Availability Anti-Virus Compatibility |
| High Availability Application Content Compatibility | High Availability Application Content Compatibility |
| High Availability Control Link Port | High Availability Control Link Port |
| High Availability Data Link Port | High Availability Data Link Port |
| High Availability Enabled | High Availability Enabled |
| High Availability Global Protect Client Software Compatibility | High Availability Global Protect Client Software Compatibility |
| High Availability Management IP | High Availability Management IP |
| High Availability Management IPv6 | High Availability Management IPv6 |
| High Availability Mode | High Availability Mode |
| High Availability Passive Link State | High Availability Passive Link State |
| High Availability Peer IP | High Availability Peer IP |
| High Availability Peer IPv6 | High Availability Peer IPv6 |
| High Availability Peer Priority | High Availability Peer Priority |
| High Availability Preemptive | High Availability Preemptive |
| High Availability Priority | High Availability Priority |
| High Availability Software Version Compatibility | High Availability Software Version Compatibility |
| High Availability State | High Availability State |
| High Availability State Duration (Seconds) | High Availability State Duration |
| High Availability Threat Content Compatibility | High Availability Threat Content Compatibility |
| High Availability URL Compatibility | High Availability URL Compatibility |
| High Availability VPN Client Software Compatibility | High Availability VPN Client Software Compatibility |
| Hostname | Hostname |
| IP Address | IP Address |
| IPv6 Address | IPv6 Address |
| IPv6 Default Gateway | IPv6 Default Gateway |
| IPv6 Link Local Address | IPv6 Link Local Address |
| Is DHCP | Whether or not the firewall uses Dynamic Host Configuration Protocol |
| Log Database Version | Log Database Version |
| MAC Address | MAC Address |
| Management Plane CPU Utilization (%) | Management Plane CPU Utilization |
| Maximum Supported Sessions (Sessions) | Maximum Supported Sessions |
| Memory Utilization (%) | Memory Utilization |
| Model | Model |
| Multi-VSYS | Multi Virtual Systems |
| Netmask | Netmask |
| Operational Mode | Operational Mode |
| Platform Family | Platform Family |
| Received From Control Plane (Packets) | Received From Control Plane |
| Received Throughput (Packets) | Received Throughput |
| Received Throughput Rate (Packets per Second) | Received Throughput |
| Running Tasks | Running Tasks |
| Sent Throughput (Packets) | Sent Throughput to host |
| Sent Throughput Rate (Packets per Second) | Sent Throughput to host |
| Serial | Serial |
| Session Throughput (Kibibytes per Second) | Session Throughput |
| Session Utilization (%) | Active sessions as a percent of maximum supported sessions |
| Sleeping Tasks | Sleeping Tasks |
| Software Version | Software Version |
| SSL HSM Events Received | The number of HSM up/down events received |
| SSL HSM Events Received Rate | The number of HSM up/down events received |
| Stopped Tasks | Stopped Tasks |
| Swap Cached Memory (Kibibytes) | Swap Cached Memory |
| Swap Free Memory (Kibibytes) | Swap Free Memory |
| Swap Total Memory (Kibibytes) | Swap Total Memory |
| Swap Used Memory (Kibibytes) | Swap Used Memory |
| Swap Utilization (%) | Swap Utilization |
| Threat Version | Threat Version |
| Total Memory (Kibibytes) | Total Memory |
| Total Tasks | Total Tasks |
| Transmitted to Control Plane (Packets) | Transmitted to Control Plane |
| Transmitted to Control Plane Rate (Packets per Second) | Transmitted to Control Plane |
| URL Filtering Version | URL Filtering Version |
| Used Memory (Kibibytes) | Used Memory |
| Users | Number of users |
| VM Mode | VM Mode |
| VM UUID | VM UUID |
| VPN Disable Mode | VPN Disable Mode |
| WildFire Private Version | WildFire Private Version |
| WildFire Version | WildFire Version |
| Zombie Tasks | Zombie Tasks |

Interface

| Name | Description |
| --- | --- |
| ARP Not Found | Logical interface ARP not found |
| CPU Errors (Errors) | Logical interface received errors from CPU |
| Data Dropped (Packets) | Logical interface packets dropped from CPU |
| Data Received (Packets) | Logical interface packets received from CPU |
| Duplex | Duplex |
| Errors Received (Errors) | Hardware interface errors received from CPU |
| Flow State Dropped Data (Packets) | Logical interface packets dropped by flow state check from CPU |
| Forwarding | Forwarding |
| Forwarding Errors (Errors) | Logical interface forwarding errors from CPU |
| Hardware Received Throughput (Bytes) | Hardware interface received throughput from CPU |
| Hardware Sent Throughput (Bytes) | Hardware interface sent throughput from CPU |
| ICMP Fragmentation | Logical interface ICMP fragmentation from CPU |
| ID | ID |
| IP Spoof Attacks | Logical interface IP spoof attacks from CPU |
| IPv4 Address | IPv4 Address |
| IPv6 Address | IPv6 Address |
| Layer 2 Decapsulated Data (Packets) | Logical interface layer 2 decapsulated packets from CPU |
| Layer 2 Encapsulated Data (Packets) | Logical interface layer 2 encapsulated packets from CPU |
| Local Area Network Denial Attacks | Logical interface LAN Denial attacks from CPU |
| Logical Received Throughput (Bytes) | Logical interface throughput received from CPU |
| Logical Sent Throughput (Bytes) | Logical interface sent throughput from CPU |
| MAC Address | MAC Address |
| MAC Not Found | Logical interface MAC not found from CPU |
| MAC Spoof Attacks | Logical interface MAC spoof attacks from CPU |
| Mode | Mode |
| Name | Name |
| Neighbor Info Pending | Logical interface neighbor info pending from CPU |
| Neighbor Not Found | Logical interface neighbor not found from CPU |
| No Route | Logical interface no route from CPU |
| Packets Dropped (Packets) | Hardware interface received packets dropped from CPU |
| Packets Received (Packets) | Hardware interface received packets from CPU |
| Packets Sent (Packets) | Logical interface packets sent from CPU |
| Physical Port Received Broadcast (Packets) | Physical port received broadcast from MAC |
| Physical Port Received Multicast (Packets) | Physical port received multicast from MAC |
| Physical Port Received Throughput (Bytes) | Physical port received throughput from MAC |
| Physical Port Received Unicast (Packets) | Physical port received unicast from MAC |
| Physical Port Sent Broadcast (Packets) | Physical port sent broadcast from MAC |
| Physical Port Sent Multicast (Packets) | Physical port sent multicast from MAC |
| Physical Port Sent Throughput (Bytes) | Physical port sent throughput from MAC |
| Physical Port Sent Unicast (Packets) | Physical port sent unicast from MAC |
| Ping-Of-Death Attacks | Logical interface ping-of-death attacks from CPU |
| Rated Speed | Rated Speed |
| Sent Packets (Packets) | Hardware interface sent packets from CPU |
| State | State |
| Tag | Tag |
| Teardrop Attacks | Logical interface MAC teardrop from CPU |
| Type | Type |
| Zone | Zone |
| Zone Changes | Logical interface zone change from CPU |

Policy Based Forwarding Table Rule

| Name | Description |
| --- | --- |
| Action | Action |
| Egress | Egress |
| Id | Id |
| Name | Name |
| Next Hop | Next Hop |
| Next Hop State | Next Hop State |

Power Rail

| Name | Description |
| --- | --- |
| Alarm | Alarm |
| Maximum Voltage (Volts) | Maximum Voltage |
| Minimum Voltage (Volts) | Minimum Voltage |
| Name | Name |
| Slot | Slot |
| Voltage (Volts) | Voltage |

Thermal Sensor

| Name | Description |
| --- | --- |
| Alarm | Alarm |
| Maximum Temperature (Celsius) | Maximum Temperature |
| Minimum Temperature (Celsius) | Minimum Temperature |
| Name | Name |
| Slot | Slot |
| Temperature (Celsius) | Temperature |

Virtual Router

| Name | Description |
| --- | --- |
| Equal-Cost Multi-Path Routing IPv4 Entries | Equal-Cost Multi-Path Routing IPv4 Entries |
| Equal-Cost Multi-Path Routing IPv6 Entries | Equal-Cost Multi-Path Routing IPv6 Entries |
| IPv4 Forwarding Table Entries | IPv4 Forwarding Table Entries |
| IPv4 Forwarding Table Entries Utilization (%) | Number of IPv4 forwarding table entries as a percent of max |
| IPv6 Forwarding Table Entries | IPv6 Forwarding Table Entries |
| IPv6 Forwarding Table Entries Utilization (%) | Number of IPv6 forwarding table entries as a percent of max |
| Maximum IPv4 Forwarding Table Entries | Maximum IPv4 Forwarding Table Entries |
| Maximum IPv6 Forwarding Table Entries | Maximum IPv6 Forwarding Table Entries |
| Name | Name |

VSYS

| Name | Description |
| --- | --- |
| Changes | Changes |
| Display Name | Display Name |
| Name | Name |
| Packet Throughput (Packets) | Packet Throughput |
| Sessions (Sessions) | Sessions |
| Threats | Threats |
| Throughput (Bytes) | Throughput |