Focus

Next-Generation Firewall

Assess Network Traffic

Table of Contents

Filter

Expand All | Collapse All

Next-Generation Firewall Docs

Getting Started
Administration
Networking
Quick Start
Reference
Incidents & Alerts
Release Notes
Select a Document
- PAN-OS 12.1
- PAN-OS 11.2
- PAN-OS 11.1
- PAN-OS 11.0 (EoL)
- PAN-OS 10.2
- PAN-OS 10.1 (EoL)
- PAN-OS 10.0 (EoL)
- PAN-OS 9.1 (EoL)
- PAN-OS 9.0 (EoL)
- PAN-OS 8.1 (EoL)
Help
Select a Document
- PAN-OS 12.1
- PAN-OS 11.2
- PAN-OS 11.1
- PAN-OS 10.2
- PAN-OS 10.1

Set Up a Basic Security Policy

Enable Free WildFire Fowarding on Your NGFW

Assess Network Traffic

Assess your network traffic to ensure the security of your data.

Where Can I Use This?	What Do I Need?
NGFW	One of these licenses for Strata Cloud Manager managed NGFWs: Strata Cloud Manager Essentials Strata Cloud Manager Pro

Maintaining optimal network health for your NGFWs is essential for ensuring robust security posture, reliable performance, and operational efficiency across your infrastructure. Regular assessment of NGFW health involves monitoring key performance indicators, analyzing system resource utilization, reviewing hardware and software status, and evaluating traffic processing capabilities to identify potential bottlenecks or security gaps before they impact your network. By establishing comprehensive health monitoring practices, administrators can proactively address issues such as high CPU utilization, memory constraints, interface congestion, and policy inefficiencies while ensuring that security services like threat prevention, URL filtering, and application identification continue to operate at peak effectiveness. Whether managing a single firewall or a distributed security architecture, systematic health assessment provides the visibility and insights necessary to optimize configuration settings, plan capacity requirements, and maintain the high availability and performance standards that modern networks demand.

Assess Network Traffic (SCM)

Learn about how to assess network traffic in your Strata Cloud Manager managed NGFWs.

Now that you have a basic security policy, you can review the statistics and data in the Strata Cloud Manager Command Center, Activity Insights, and its various dashboards.

Use this information to identify where you need to create more granular security policy rules:

Use the Command Center
In the Command Center, review the most used applications and the high-risk applications on your network. The Command Center is a visualized overview of your network and security infrastructure. It provides you with four different views, each with its own tracked data, metrics, and actionable insights to examine and interact with.
Use Activity Insights
Activity Insights gives you an in-depth view of your network activities across Prisma Access and NGFW deployments. Activity Insights unifies your network data such as network traffic, application usage, threats, and user activities in one place.
Evaluate Your Security Policy
You can use built-in security checks to evaluate the strength of your security rules and policy and determine if any of the following is needed:
- Whether to allow web content based on schedule, users, or groups.
- Allow or control certain applications or functions within an application.
- Decrypt and inspect content.
- Allow but scan for threats and exploits.
- For information on refining your security policies and for attaching custom security profiles, see how to create a security policy rule and security profiles.
For information on refining your security policies and for attaching custom security profiles, see how to create a security policy rule and security profiles.
View Incidents
Strata Cloud Manager provides a unified incidents and alerts framework. In one place, view, investigate, and address the alerts and incidents on your network, and jump to your logs to examine the associated activity.
Monitor Your Network
Monitor the health and security of everything on your network, and use the IoC Search to investigate the history of an artifact on your network and review global analysis findings. What you can monitor depends on your active security subscriptions.

Assess Network Traffic (PAN-OS)

Learn about the various ways you can assess network traffic in PAN-OS.

Now that you have a basic security policy, you can review the statistics and data in the Application Command Center (ACC), traffic logs, and the threat logs to observe trends on your network. Use this information to identify where you need to create more granular security policy rules.

Use the Application Command Center and the automated correlation engine.

In the ACC, review the most used applications and the high-risk applications on your network. The ACC graphically summarizes the log information to highlight the applications traversing the network, who is using them (with User-ID enabled), and the potential security impact of the content to help you identify what is happening on the network in real time. You can then use this information to create appropriate security policy rules that block unwanted applications, while allowing and enabling applications in a secure manner.

The Compromised Hosts widget in ACCThreat Activity displays potentially compromised hosts on your network and the logs and match evidence that corroborates the events.
Determine what updates/modifications are required for your network security policy rules and implement the changes.
For example:
- Evaluate whether to allow web content based on schedule, users, or groups.
- Allow or control certain applications or functions within an application.
- Decrypt and inspect content.
- Allow but scan for threats and exploits.
For information on refining your security policies and for attaching custom security profiles, see how to create a security policy rule and security profiles.
View Logs.

Specifically, view the traffic and threat logs (MonitorLogs).

Traffic logs are dependent on how your security policies are defined and set up to log traffic. The Application Usage widget in the ACC, however, records applications and statistics regardless of policy configuration; it shows all traffic that is allowed on your network, therefore it includes the inter-zone traffic that is allowed by policy and the same zone traffic that is allowed implicitly.
Configure Log Storage Quotas and Expiration Periods.

Review the AutoFocus intelligence summary for artifacts in your logs. An artifact is an item, property, activity, or behavior associated with logged events on the NGFW. The intelligence summary reveals the number of sessions and samples in which WildFire detected the artifact. Use WildFire verdict information (benign, grayware, malware) and AutoFocus matching tags to look for potential risks in your network.

AutoFocus tags created by Unit 42, the Palo Alto Networks threat intelligence team, call attention to advanced, targeted campaigns and threats in your network.

From the AutoFocus intelligence summary, you can start an AutoFocus search for artifacts and assess their pervasiveness within global, industry, and network contexts.
Monitor Web Activity of Network Users.

Review the URL filtering logs to scan through alerts, denied categories/URLs. URL logs are generated when a traffic matches a security rule that has a URL filtering profile attached with an action of alert, continue, override or block.

Set Up a Basic Security Policy

Enable Free WildFire Fowarding on Your NGFW

Next-Generation Firewall Docs

Assess Network Traffic

Next-Generation Firewall Docs

Assess Network Traffic

Assess Network Traffic (SCM)

Assess Network Traffic (PAN-OS)

Activation and Onboarding

Next-Generation Firewalls

SASE

Cloud-Delivered Security Services

Network Security

Endpoints

Visibility & Monitoring

FedRAMP

Hardware Reference

Hardware Quick Start Guides

Virtual ION Deployment

3rd Party Integrations

Best Practices

Experts Corner