Focus

NGFW Cluster Summary and Monitoring

Table of Contents

Filter

Expand All | Collapse All

Next-Generation Firewall Docs

Getting Started
Administration
Version
- Cloud Management of NGFWs
- PAN-OS 10.0 (EoL)
- PAN-OS 10.1
- PAN-OS 10.2
- PAN-OS 11.0
- PAN-OS 11.1 & Later
- PAN-OS 9.1 (EoL)
Networking
Version
- PAN-OS 10.1
- PAN-OS 10.2
- PAN-OS 11.0
- PAN-OS 11.1 & Later
AIOps
Incidents & Alerts
Release Notes
Version
- Cloud Management and AIOps for NGFW
- PAN-OS 10.0 (EoL)
- PAN-OS 10.1
- PAN-OS 10.2
- PAN-OS 11.0
- PAN-OS 11.1
- PAN-OS 11.2
- PAN-OS 8.1 (EoL)
- PAN-OS 9.0 (EoL)
- PAN-OS 9.1 (EoL)

Configure an NGFW Cluster

Monitoring

NGFW Cluster Summary and Monitoring

View information about an NGFW Cluster and its health.

After you Configure an NGFW Cluster, you can view the summary and monitoring information about the cluster.

The CN-Series and PA-Series cluster plugin visibility data is not in real time; it's delayed by five minutes.

The prerequisites for cluster summary and monitoring are:

You must EnableFirewall Clusters from the PanoramaAdmin RolesWeb UI list (enabled by default). For more information, see Configure an Admin Role Profile.
You must install the Panorama Clustering Plugin (a version that is compatible with the Panorama version you're running) from PanoramaPlugins. Scroll to clustering plugin.

Summary View

View the cluster summary under PanoramaFirewall ClustersSummary View. In the Clusters field, select PA-Series (or All Clusters).

Field	Description
Cluster Name	Name of the firewall cluster.
Software Version	PAN-OS version.
Plugins Used on Cluster	List of plugins used on the cluster.
Device Group	Name of the device group associated with the cluster.
Template Stack	Name of the template stack associated with the cluster.
Cluster Type	Type of cluster, such as PA or CN.
Cluster State	Displays the health of the cluster, which is derived from node status of all nodes in the cluster. Cluster state will be: OK if all nodes are in ONLINE state. IMPACTED if there is at least one node in ONLINE state and another node isn't in ONLINE state. ERROR if there is not a single node in ONLINE state.
Members Affected	Number of impacted cluster members and their names.
System Log Details	Displays the details of the system events.
Specific Error	List of specific errors in the cluster. Click the link to view more details about the error under MonitorLogsSystem where you can view logs.
Pod Name	(`CN-Series cluster only`) Name of the pod.
CPU Count	Number of CPUs used.
Config Sync Status	(`PA-Series Clusters only`) Config synchronization status between Panorama and the firewalls in the PA cluster. Status can be In Sync or Out of Sync. After you successfully add firewalls to the cluster, commit, and push, the Config Sync Status displays as In Sync.
Last Commit State	(`PA-Series cluster only`) State of the last attempted commit (not the actual state of the cluster): commit failed commit succeeded commit succeeded with warnings commit reverted
Node Sync Status	(`PA-Series cluster only`) Synchronization status of the Node Flow Table: IN_SYNC UPDATING OUT_OF_SYNC
Node Status	(`PA-Series Clusters only`) Possible status of a cluster node: UNKNOWN—Clustering is not enabled. Node remains in this state until a cluster configuration push from Panorama or a commit enables clustering. INIT—Node transitions from UNKNOWN to INIT after clustering is enabled. Node remains in INIT state until cluster initialization of node is complete. Node transitions to ONLINE after a timeout. ONLINE—Node is passing traffic and working as expected. DEGRADED—Node transitions to DEGRADED when a soft fault occurs. Node can transition back to INIT if all the faults are resolved. FAILED—Node transitions to FAILED state when a hard fault occurs. SUSPENDED—Triggered by administrator. Another cause of SUSPENDED state is if a node state flaps to DEGRADED or FAILED state repeatedly; the node is SUSPENDED after six flaps. An administrator can unsuspend the node. SUSPENDED state has traffic ports down and doesn't allow L7 continuity.

Monitoring

Monitor the health information of the PA-Series (NGFW) cluster under PanoramaFirewall ClustersMonitoring. In the Clusters field, select PA-Series (or All Clusters).

The CN-Series and PA-Series cluster plugin visibility data is not in real time; it's delayed by five minutes.

Field	Description
Clusters	Select the Cluster type PA-Series.
Impacted	List of impacted clusters. PA Clusters—Number of impacted PA-Series clusters out of total PA-Series Clusters, Clusters List—Displays the list of clusters that are impacted. Click to view detailed information about the clusters in the Cluster Utilization and Interconnect Status dashboards.
OK	List of clusters that aren't impacted. PA Clusters—Number of PA-Series clusters that aren't impacted out of total PA-Series Clusters. Clusters List—Displays the list of clusters that aren't impacted. Click to view detailed information about the clusters in the Cluster Utilization and Interconnect Status dashboards.

Click in the Monitoring window or select a cluster to view Cluster Utilization.

Field	Description
Dashboard	Select to switch views between Cluster Status - OK and Cluster Status - Impacted.
Timeframe	Select timeframe of data displayed: Last 5 Mins Last Hr Last 6 Hrs Last 12 Hrs Last 24 Hrs Last Calendar Day Custom—Select Start Date and time, End Date and time, and click OK. The CN-Series and PA-Series cluster plugin visibility data is not in real time; it's delayed by five minutes.
Cluster Name	Name of the firewall cluster.
Cluster Type	Type of cluster (CN or PA).
Cluster State	Displays the health of the cluster, which is derived from node status of all nodes in the cluster. Cluster state will be: OK if all nodes are in ONLINE state. IMPACTED if there is at least one node in ONLINE state and another node isn't in ONLINE state. ERROR if there is not a single node in ONLINE state.
Cluster Throughput	Firewall cluster throughput in Gbps.
CPS	Number of connections per second.
Session Count	Number of sessions.
Avg DP CPU %	Average DP CPU utilization over the selected time period.
MP CPU %	Management plan CPU utilization in percentage.
MP Memory %	Management plan memory utilization in percentage.
Logging Rate (Log/Sec)	Rate at which the logs are being generated on the cluster.
DP Auto-Scale Status	Dataplane autoscale details.
Tables Used	(`PA-Series cluster only`) Entries in the node flow table that are in use.
Table Max	(`PA-Series cluster only`) Total possible number of entries in the node flow table.

Click in the Monitoring window or select a cluster to view Interconnect Status.

Field	Description
Dashboard	Select to switch views between Cluster Status - OK and Cluster Status - Impacted.
Timeframe	Select timeframe of data displayed: Last 5 Mins Last Hr Last 6 Hrs Last 12 Hrs Last 24 Hrs Last Calendar Day Custom—Select Start Date and time, End Date and time, and click OK. The CN-Series and PA-Series cluster plugin visibility data is not in real time; it's delayed by five minutes.
Cluster Name	Name of the firewall cluster.
Cluster Type	Type of cluster (CN or PA).
Cluster Creation Time	The time of cluster creation.
Cluster State	Displays the health of the cluster, which is derived from node status of all nodes in the cluster. Cluster state will be: OK if all nodes are in ONLINE state. IMPACTED if there is at least one node in ONLINE state and another node isn't in ONLINE state. ERROR if there is not a single node in ONLINE state. Click the cluster state link to view more details about the impacted cluster.
Cluster Interconnect State	Displays cluster interconnectivity. Click the interconnect state link to view more details about the impacted cluster.
Traffic Interconnect	Status of traffic interconnectivity.
External Connection	Status of external connectivity.
Impacted Links	(`CN-Series cluster only`) Number of impacted links.
Management Connectivity	(`CN-Series cluster only`) Number of management connections.
Impacted Members	(`CN-Series cluster only`) List of impacted cluster members.
Time Stamp Uptime	(`CN-Series cluster only`) Uptime time stamp.
Time Stamp Downtime	(`CN-Series cluster only`) Downtime time stamp.

Configure an NGFW Cluster

Monitoring

Next-Generation Firewall Docs

NGFW Cluster Summary and Monitoring

Next-Generation Firewall Docs

NGFW Cluster Summary and Monitoring

Summary View

Monitoring

Activation & Onboarding

Next-Generation Firewalls

Cloud-Delivered Security Services

Network Security

Visibility & Monitoring

Best Practices

Experts Corner