View Cloud NGFW Logs and Activity in Panorama

View logs and activity in Panorama.

View Cloud NGFW Logs in Panorama

When you integrate Cloud NGFW resources with Panorama, logs and activity are captured and displayed in Panorama on the Monitor and Application Command Center (ACC) tabs. Panorama collects the logs generated by the Cloud NGFW and displays them on the Monitor tab. You can select from the Traffic, Threat, URL Filtering, and Decryption logs and filter them by ID or name. See the Cloud NGFW logging documentation for descriptions of the log fields.
  1. Log in to Panorama.
  2. Select Monitor.
  3. From the Device Group drop-down, select the Cloud Device Group to view activity.
  4. You can use a Panorama filter to view the log of an individual Cloud Device Group. Locate the Device Name. Click the + icon in the upper right portion of the Panorama interface to add a new filter. Enter the name for the filter, then click Save. Click the Load Filter icon. Select the newly created filter to display the logs for the individual Cloud Device Group.
  5. From the Logs menu on the left side of the Panorama console, you can choose a specific type of log to view.

View Cloud NGFW Activity in the ACC

The ACC is an analytical tool that provides actionable intelligence about the activity within your network. The ACC uses the Cloud NGFW logs to graphically depict traffic trends on your network. The graphical representation allows you to interact with the data and visualize the relationships between events on the network, including network usage patterns, traffic patterns, and suspicious activity and anomalies.
In Panorama, you can filter ACC content based on Cloud Device Group. To learn how to filter and view specific information about activity on your Cloud NGFW resources, see the ACC documentation for PAN-OS.
  1. Log in to Panorama.
  2. Select ACC.
  3. From the Device Group drop-down, select the Cloud Device Group to view activity.
  4. You can use a Panorama filter to view the log of an individual Cloud Device Group. Locate the Device Name. Click the + icon in the upper right portion of the Panorama interface to add a new filter. Enter the name for the filter, then click Save. Click the Load Filter icon. Select the newly created filter to display the logs for the individual Cloud Device Group.

Prerequisites for Configuring Cloud NGFW Log Collection Using Panorama

This section describes the prerequisites for configuring Panorama to collect logs for your Cloud NGFW for Azure resources.
  1. If you intend to store logs in Panorama, you must configure your Panorama virtual appliance to run in Panorama Mode with an extra attached disk for log storage.
  2. If you deployed your Panorama virtual appliance behind another firewall, the policy configuration on that firewall must allow TCP connections from the hub vNET/vWAN on the following ports: 3978, 28443, 28270.
  3. If you configured the Cloud Device Group for your Azure plugin to use a public IP address to communicate with Panorama, a public IP address must be configured on the Panorama management interface.
  4. Configure a managed collector with a serial number (S/N) and a disk.
    The status must be GREEN and in sync.
  5. Push to the Collector Group. This step is required: explicitly pushing to the Collector Group resolves the synchronization issues noted in the previous step. In Panorama, select Push to devices > Edit Selections > Collector Group.
  6. Configure the collector group with the managed collector.
  7. The Cloud Device Group must have the Collector Group selected before you deploy the Cloud NGFW; you can't perform this task after deploying your Cloud NGFW.
  8. Configure the log forwarding profile. Create this profile under the Cloud Device Group and configure it to forward the required log types to Panorama.
  9. Configure log forwarding in the Security policy rules.
  10. If you're using a Dedicated Log Collector, you must configure a destination-based service route for the log collector’s IP address.
    Also configure an explicit policy rule to allow traffic to the log collector IP address.
    When you use Panorama for policy management and log collection, keep in mind that the Cloud NGFW connects to Panorama using a private IP address. If you have configured a public IP address on the management node, the log collector uses the public IP address. For more information about this behavior, refer to this knowledge base article in the Customer Support Portal.
  11. If you intend to use Panorama to collect system-level logs, configure the Log Settings under the device template:
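
For prerequisite 2 above, the following added example (not part of the Palo Alto Networks documentation) checks from a host in the hub vNET/vWAN whether TCP ports 3978, 28443 and 28270 on Panorama are reachable, and separates a silent drop from a refusal. The function names and the script name are assumptions made for this illustration.

```python
"""Reachability check for the Panorama ports listed in prerequisite 2."""
import socket
import sys

# TCP ports the page says the upstream firewall must allow.
PANORAMA_PORTS = (3978, 28443, 28270)


def probe(host, port, timeout=3.0):
    """Classify one TCP port as 'open', 'refused', 'filtered' or 'error: ...'."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"        # three-way handshake completed
    except ConnectionRefusedError:
        return "refused"         # RST came back: no listener, or a reject rule
    except socket.timeout:
        return "filtered"        # no reply at all: typical of a silent drop
    except OSError as exc:       # DNS failure, no route, and similar
        return "error: " + (exc.strerror or type(exc).__name__)


def check_panorama(host, ports=PANORAMA_PORTS, timeout=3.0):
    """Probe every required port and return {port: state}."""
    return {port: probe(host, port, timeout) for port in ports}


def blocked_ports(results):
    """Return the sorted ports whose state is anything other than 'open'."""
    return sorted(port for port, state in results.items() if state != "open")


if __name__ == "__main__":
    # Usage (hypothetical script name): python3 check_panorama_ports.py <panorama-address>
    if len(sys.argv) != 2:
        sys.exit("usage: check_panorama_ports.py <panorama-address>")
    results = check_panorama(sys.argv[1])
    for port, state in sorted(results.items()):
        print(f"tcp/{port}: {state}")
    # Non-zero exit when any required port is not reachable.
    sys.exit(1 if blocked_ports(results) else 0)
```

A result of `filtered` points at a policy on the intermediate firewall dropping the traffic. A result of `open` only shows that the TCP handshake succeeds, not that log forwarding works.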