Monitor Cloud NGFW for AWS

Learn how to monitor your Cloud NGFW resource.
Where Can I Use This?
  • Cloud NGFW for AWS
What Do I Need?
  • Cloud NGFW subscription
  • Palo Alto Networks Customer Support Account (CSP)
  • AWS Marketplace account
  • User role (either tenant or administrator)
You can monitor the service's overall health and gain deep insights into traffic and operations using Cloud NGFW for AWS logs and metrics.
To monitor the overall health of the Cloud NGFW service, check the Palo Alto Networks status page. This page provides region-specific status information and allows you to subscribe to service notifications, ensuring you are aware of any ongoing service events.

Traffic and Threat Logs

Cloud NGFW publishes a variety of logs to help you monitor traffic and threats for analysis and compliance. These traffic and threat logs provide detailed information about the network sessions passing through your Cloud NGFW resource: you can analyze permitted and denied traffic and inspect source/destination IP addresses, URLs, port numbers, and protocols. This data is crucial for understanding traffic patterns, identifying potential security threats, and troubleshooting connectivity issues. The logs can be streamed to other AWS services for analysis and alerting.
  • Destinations:
    • Amazon CloudWatch: Stream logs for real-time monitoring and analysis.
    • Amazon S3 bucket: Store logs for long-term retention and further investigation.
    • Amazon Kinesis Firehose: Stream logs to third-party providers for integration with external analytic platforms.
    • Strata Logging Service: Stream logs to Palo Alto Networks Strata Logging Service for real-time monitoring and advanced analysis.
  • Viewing Logs:
    • AWS: Use the AWS CloudWatch console.
    • Palo Alto Networks: Use the Strata Cloud Management (SCM) and Panorama log viewer.
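The following Python script is an added example, not code from Palo Alto Networks or the Cloud NGFW documentation. It shows the kind of first-pass review a defender runs over traffic and threat log events once they have been streamed to CloudWatch Logs or exported to S3: parse the JSON events, tolerate lines that are not valid JSON (a subscription filter or export can include malformed or truncated records), and roll the events up into the allowed/denied counts, busiest denied sources, denied ports and threat names that the text above says you should be looking at. The sample events and the field names (`type`, `action`, `src`, `dst`, `dport`, `proto`, `url`, `threat`) are constructed assumptions; adjust them to the log schema of your deployment.

```python
"""Summarize Cloud NGFW-style traffic/threat log events (added example).

Field names and sample events are constructed assumptions, not the product's
documented schema. Adjust the keys below to match your deployment's logs.
"""
import json
from collections import Counter

# Constructed sample of JSON log events, one per line, as they might arrive
# from a CloudWatch Logs subscription or an S3 export. Includes one deliberately
# malformed line to show that a bad record must not abort the whole batch.
SAMPLE_LOG_LINES = [
    '{"type":"TRAFFIC","action":"allow","src":"10.0.1.15","dst":"93.184.216.34","dport":443,"proto":"tcp","url":"example.com"}',
    '{"type":"TRAFFIC","action":"deny","src":"10.0.1.15","dst":"198.51.100.7","dport":22,"proto":"tcp"}',
    '{"type":"TRAFFIC","action":"deny","src":"10.0.1.15","dst":"198.51.100.8","dport":22,"proto":"tcp"}',
    '{"type":"TRAFFIC","action":"deny","src":"10.0.1.15","dst":"198.51.100.9","dport":22,"proto":"tcp"}',
    '{"type":"TRAFFIC","action":"allow","src":"10.0.2.40","dst":"203.0.113.5","dport":53,"proto":"udp"}',
    '{"type":"THREAT","action":"reset-both","src":"10.0.2.40","dst":"203.0.113.9","dport":80,"proto":"tcp","threat":"constructed-test-signature"}',
    'this line is not JSON and must not abort processing',
]

# Actions that mean the session was not allowed through (assumed vocabulary).
DENY_ACTIONS = {"deny", "drop", "reset-client", "reset-server", "reset-both"}


def parse_log_lines(lines):
    """Parse JSON events; return (records, number_of_unparseable_lines)."""
    records, bad = [], 0
    for line in lines:
        line = line.strip()
        if not line:
            continue
        try:
            rec = json.loads(line)
        except json.JSONDecodeError:
            bad += 1
            continue
        if not isinstance(rec, dict):
            bad += 1
            continue
        records.append(rec)
    return records, bad


def summarize(records):
    """Counts a reviewer wants first: verdicts, denied sources/ports, threat names."""
    verdicts, denied_by_src, denied_ports, threats = Counter(), Counter(), Counter(), Counter()
    for rec in records:
        action = str(rec.get("action", "")).lower()
        blocked = action in DENY_ACTIONS
        verdicts["blocked" if blocked else "allowed"] += 1
        if blocked:
            denied_by_src[rec.get("src", "?")] += 1
            denied_ports[rec.get("dport", "?")] += 1
        if rec.get("type") == "THREAT":
            threats[rec.get("threat", "unknown")] += 1
    return {
        "verdicts": verdicts,
        "denied_by_src": denied_by_src,
        "denied_ports": denied_ports,
        "threats": threats,
    }


def denied_sources_over(records, threshold):
    """Sources whose denied-session count reaches `threshold`, busiest first.

    This is the per-source condition you would turn into a CloudWatch metric
    filter and alarm rather than re-running by hand.
    """
    counts = summarize(records)["denied_by_src"]
    hits = [(src, n) for src, n in counts.items() if n >= threshold]
    return sorted(hits, key=lambda item: (-item[1], item[0]))


if __name__ == "__main__":
    recs, unparsed = parse_log_lines(SAMPLE_LOG_LINES)
    report = summarize(recs)
    print(f"parsed={len(recs)} unparseable={unparsed}")
    print("verdicts:", dict(report["verdicts"]))
    print("denied ports:", dict(report["denied_ports"]))
    print("threats:", dict(report["threats"]))
    print("sources at/over 3 denied sessions:", denied_sources_over(recs, 3))
```

The unparseable-line counter matters in practice: a silently dropped record is the difference between "no denied sessions from that host" and "we lost the evidence", so surface the count alongside the totals.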

Performance and Health Metrics

Cloud NGFW publishes a variety of metrics to help you monitor resource health, performance, and traffic usage. Use these metrics to assess the overall health of your Cloud NGFW resources, identify performance bottlenecks, and detect anomalies.
  • Monitoring: Cloud NGFW streams these metrics to a CloudWatch namespace in your AWS account. You can use these metrics to access historical performance data. You can also set alarms that monitor specific thresholds and send notifications when these thresholds are reached.
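A threshold alarm on a streamed metric is only as useful as your understanding of when it actually fires. The following Python block is an added example, not Palo Alto Networks or AWS code: it is a simplified model of how a CloudWatch alarm evaluates a metric ("M out of N" datapoints must breach the threshold across the evaluation window, with the missing-data treatment options `breaching`, `notBreaching` and `ignore`), replayed over a constructed per-minute series of denied-session counts. The metric name, namespace and series are assumptions; the point is to see how `evaluation_periods`, `datapoints_to_alarm` and the missing-data setting change when a notification would be sent, before you create the real alarm in your account.

```python
"""Simplified model of CloudWatch threshold-alarm evaluation (added example).

Not AWS code: it reproduces the M-out-of-N and missing-data rules closely
enough to reason about alarm design. The metric series is constructed.
"""
import operator

# CloudWatch comparison operator names mapped to the test they apply.
COMPARISONS = {
    "GreaterThanThreshold": operator.gt,
    "GreaterThanOrEqualToThreshold": operator.ge,
    "LessThanThreshold": operator.lt,
    "LessThanOrEqualToThreshold": operator.le,
}


def evaluate_alarm(window, threshold, comparison="GreaterThanThreshold",
                   datapoints_to_alarm=None, treat_missing="notBreaching",
                   previous_state="OK"):
    """Return "ALARM" or "OK" for one evaluation window.

    `window` holds one value per period, oldest first, with None for a period
    that produced no datapoint; its length is the alarm's evaluation_periods.
    treat_missing: "breaching" counts a gap as a breach, "notBreaching" as a
    non-breach, "ignore" keeps the previous state whenever data is missing.
    """
    if datapoints_to_alarm is None:
        datapoints_to_alarm = len(window)
    breaches = COMPARISONS[comparison]
    if treat_missing == "ignore" and any(v is None for v in window):
        return previous_state
    count = 0
    for v in window:
        if v is None:
            count += 1 if treat_missing == "breaching" else 0
        elif breaches(v, threshold):
            count += 1
    return "ALARM" if count >= datapoints_to_alarm else "OK"


def alarm_states(series, threshold, evaluation_periods, datapoints_to_alarm,
                 comparison="GreaterThanThreshold", treat_missing="notBreaching"):
    """Replay a metric series period by period; return the state after each."""
    states, state = [], "OK"
    for i in range(len(series)):
        window = list(series[max(0, i - evaluation_periods + 1): i + 1])
        # Before enough periods have elapsed, the older slots are missing data.
        window = [None] * (evaluation_periods - len(window)) + window
        state = evaluate_alarm(window, threshold, comparison, datapoints_to_alarm,
                               treat_missing, previous_state=state)
        states.append(state)
    return states


def transitions(states):
    """(period index, new state) for each state change; one notification each."""
    out, prev = [], "OK"
    for i, s in enumerate(states):
        if s != prev:
            out.append((i, s))
        prev = s
    return out


# Constructed series: denied sessions per one-minute period as a custom metric
# (hypothetical name DeniedSessions in a hypothetical namespace). The None is a
# minute in which no datapoint was published.
DENIED_SESSIONS_PER_MINUTE = [5, 7, 60, 80, 90, 10, 6, None, 4]

if __name__ == "__main__":
    states = alarm_states(DENIED_SESSIONS_PER_MINUTE, threshold=50,
                          evaluation_periods=3, datapoints_to_alarm=2)
    print("states:     ", states)
    print("transitions:", transitions(states))
```

With `evaluation_periods=3, datapoints_to_alarm=2` the single spike of 60 at minute 2 does not fire; the alarm enters ALARM at minute 3 once two of the last three datapoints exceed 50 and returns to OK at minute 6, so two notifications are sent instead of one per noisy minute. Rerun with `datapoints_to_alarm=1` or `treat_missing="breaching"` to see how much chattier the alarm becomes.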

Audit Logs

Audit logs track user and API activity within your Cloud NGFW tenant. These logs help you audit operations related to firewall resources, such as creating, updating, or deleting rules and policies. Reviewing these logs helps maintain a historical record of configuration changes and ensures compliance with security requirements.
  • Destination: Cloud NGFW streams audit logs, which track all tenant activity, to Amazon CloudWatch.
  • Viewing Logs: Use the AWS CloudWatch console.