Define Alarm Settings
- Device > Log Settings
Use the Alarm Settings to configure Alarms for the CLI and the web interface. You can configure notifications for the following events:
- A security rule (or group of rules) has been matched at a specified threshold and within a specified time interval.
- Encryption/Decryption failure threshold is met.
- The Log database for each log type is nearing full; the quota by default is set to notify when 90% of the available disk space is used. Configuring alarms allows to take action before the disk is full, and logs are purged.
When you enable alarms, you can view the current list by clicking Alarms ( ) in the bottom of the web interface.
To add an alarm, edit the Alarm Settings described in the following table.
Alarm Log Settings
Alarms are visible only if you Enable Alarms.
If you disable alarms, the firewall does not alert you to critical events that require action. For example, an alarm tells you when the master key is about to expire; if the key expires before you change it, the firewall reboots into Maintenance mode and then requires a factory reset.
Enable CLI Alarm Notifications
Enable CLI alarm notifications whenever alarms occur.
Enable Web Alarm Notifications
Open a window to display alarms on user sessions, including when they occur and when they are acknowledged.
Enable Audible Alarms
An audible alarm tone will play every 15 seconds on the administrator's computer when the administrator is logged into the web interface and unacknowledged alarms exist. The alarm tone will play until the administrator acknowledges all alarms.
To view and acknowledge alarms, click Alarms.
This feature is only available when the firewall is in FIPS-CC mode.
Encryption/Decryption Failure Threshold
Specify the number of encryption/decryption failures after which an alarm is generated.
<Log-type> Log DB
Generate an alarm when a log database reaches the indicated percentage of the maximum size.
Security Violations Threshold /
Security Violations Time Period
An alarm is generated if a particular IP address or port hits a deny rule the specified number of times in the Security Violations Threshold setting within the period (seconds) specified in the Security Violations Time Period setting.
Violations Threshold /
Violations Time Period /
Security Policy Tags
An alarm is generated if the collection of rules reaches the number of rule limit violations specified in the Violations Threshold field during the period specified in the Violations Time Period field. Violations are counted when a session matches an explicit deny policy.
Use Security Policy Tags to specify the tags for which the rule limit thresholds will generate alarms. These tags become available to be specified when defining security policies.
The selective audit options are only available when the firewall is in FIPS-CC mode.
Specify the following settings:
Alarms Logs An alarm is a firewall-generated message indicating that the number of events of a particular type (for example, encryption and decryption failures) has ...
Alarms An alarm is a firewall-generated message indicating that the number of events of a particular type (for example, encryption and decryption failures) has exceeded ...
Enable CloudWatch Monitoring on the VM-Series Firewall
Enable CloudWatch Monitoring on the VM-Series Firewall The VM-Series firewall on AWS can publish native PAN-OS metrics to AWS CloudWatch, which you can use to ...
Log Types Monitor Logs The firewall displays all logs so that role-based administration permissions are respected. Only the information that you are permitted to see ...
Device > Master Key and Diagnostics
Device > Master Key and Diagnostics Device Master Key and Diagnostics Panorama Master Key and Diagnostics Edit the master key that encrypts all passwords and ...
Use VMware Tools on the VM-Series Firewall on ESXi and vClo...
Use VMware Tools on the VM-Series Firewall on ESXi and vCloud Air The VMware Tools utility improves VM-Series firewall management from vCenter server and vCloud ...
Flood Protection Network > Network Profiles > Zone Protection > Flood Protection Configure a profile that provides flood protection against SYN, ICMP, ICMPv6, SCTP INIT, ...
DoS Protection Option/Protection Tab
DoS Protection Option/Protection Tab Select the Option/Protection tab to configure options for the DoS Protection policy rule, such as the type of service to which ...
Objects > Security Profiles > DoS Protection
Objects > Security Profiles > DoS Protection DoS Protection profiles are designed for high-precision targeting and they augment Zone Protection profiles. A DoS Protection profile ...