: Enable Azure Application Insights on the VM-Series Firewall
Focus
Focus

Enable Azure Application Insights on the VM-Series Firewall

Table of Contents

Enable Azure Application Insights on the VM-Series Firewall

Publish firewall performance metrics to Application Insights.
The VM-Series firewall on Azure can publish custom PAN-OS metrics natively to Azure Workspace-based Application Insights that you can use to monitor the firewalls directly from the Azure portal. These metrics allow you to assess performance and usage patterns that you can use to set alarms and take action to automate events such as launching or terminating instances of the VM-Series firewalls. See Custom PAN-OS Metrics Published for Monitoring for a description on the metrics that are available.
  1. On the Azure portal, create your Workspace-based Application Insights to monitor the firewall and copy the
    Instrumentation Key
    from
    Configure
    Properties
    .
    The firewall needs this key to authenticate to the Application Insights instance and publish metrics to it. See VM-Series on Azure Service Principal Permissions for the permissions required.
  2. Enable the firewall to publish metrics to your Application Insights instance.
    1. Log in to the VM-Series firewall on Azure.
    2. Select
      Device
      VM-Series
      Azure
      .
    3. Edit
      Azure Application Insights
      and enter the Instrumentation Key you copied earlier.
      The default interval for publishing metrics is five minutes. You can change this to vary from 1-60 minutes.
    4. Commit
      your changes.
      The firewall generates a system log to it record the success or failure to authenticate to Azure Application Insights.
  3. Verify that you can view the metrics on the Azure Application Insights dashboard.
    1. On the Azure portal, select the Application Insights instance, and select
      Monitoring
      Metrics
      to view the PAN-OS custom metrics.
    2. Select the metric(s) that you want to monitor for trends and trigger alerts. Refer to the Microsoft Azure documentation for details on exploring metrics on Application Insights.

Migrate From Classic to Workspace-Based Application Insights

If you currently have classic Application Insights integrated with your VM-Series firewalls, you can use the following procedure to migrate your deployment to a workspace-based resource. For more information about migrating, visit the Azure documentation portal.
The migration process is permanent and cannot be reversed.
  1. Check if your current Application Insights resource is classic or workspace-based.
    1. Log in to the Azure portal.
    2. Select
      Resource Groups
      Application Insights
      Properties
      .
      If the Workspace field is empty, the Application Insights resource is classic. Continue with this procedure to migrate to a workspace-based resource.
  2. Create a Log Analytics workspace.
    1. From the Azure portal, select
      Log Analytics workspaces
      Create
      .
    2. Select the subscription and resource group associated with your current deployment.
    3. Enter an instance name for your new Log Analytics workspace using the following format.
      <resource-group-name>-workspaces
    4. Ensure that you select the region associated with your current deployment.
    5. Complete the creation of your new Log Analytics workspace.
    6. Return to your resource group you selected previously and verify that the new Log Analytics resource is present.
  3. Migrate your classic Application Insights resource to workspace-based resource.
    1. Select your classic Application Insights resource and then click
      Properties
      .
    2. Click
      Migrate to Workspace-based
      .
    3. On the
      Migrate to Workspace-based
      page, select the Log Analytics resource you created previously from the
      Log Analytics Workspace
      drop-down.
    4. Click
      Apply
      .
      The migration process is permanent and cannot be reversed.

Recommended For You