Custom PAN-OS Metrics Published for Monitoring
PAN-OS® metrics published to public cloud monitoring systems such as AWS® CloudWatch, Azure® Application Insights, and Google® Stackdriver.
The firewall natively publishes the following metrics to monitoring systems in the public cloud such as AWS® CloudWatch, Azure® Application Insights, and Google® Stackdriver. These metrics allow you to assess firewall performance and usage patterns so that you can set alarms and take action to automate events such as launching or terminating instances of the VM-Series firewalls. Because these metrics are published through content updates on the firewall, make sure that you have the minimum content release version that is required to enable this capability on your VM-Series firewall.
Dataplane CPU Utilization (%)
Monitors dataplane CPU usage and measures the traffic load on the firewall.
Dataplane Packet Buffer Utilization (%)
Monitors dataplane buffer usage and measures buffer utilization. If you have a sudden burst in traffic, monitoring your buffer utilization allows you to ensure that the firewall does not deplete the dataplane buffer, which results in dropped packets.
GlobalProtect™ Gateway Active Tunnels
Monitors the number of active GlobalProtect sessions on a firewall deployed as a GlobalProtect gateway. Use this metric if you use this VM-Series firewall as a VPN gateway to secure remote users. Check the datasheet for the maximum number of active tunnels supported for your firewall model.
GlobalProtect Gateway Tunnel Utilization (%)
Monitors the active GlobalProtect tunnels on a gateway and measures tunnel utilization. Use this metric if you use this VM-Series firewall as a VPN gateway to secure remote users.
Monitors the total number of sessions that are active on the firewall. An active session is a session that is in the flow lookup table for which packets will be inspected and forwarded, as required by policy.
Session Utilization (%)
Monitors the TCP, UDP, ICMP and SSL sessions that are currently active and the packet rate, new connection establish rate, and firewall throughput to determine session utilization.
Monitors the percentage of SSL forward proxy sessions with clients for SSL/TLS decryption.
To publish these metrics, see:
Enable CloudWatch Monitoring on the VM-Series Firewall
Enable CloudWatch Monitoring on the VM-Series Firewall The VM-Series firewall on AWS can publish native PAN-OS metrics to AWS CloudWatch, which you can use to ...
About the VM-Series Firewall
About the VM-Series Firewall The Palo Alto Networks VM-Series firewall is the virtualized form of the Palo Alto Networks next-generation firewall. It is positioned for ...
Enable Google Stackdriver Monitoring on the VM Series Firewall
Monitor PAN-OS metrics from Google® Stackdriver. Understand what you can accomplish with your project’s default service account, compared to a user’s service account. ...
Enable Azure Application Insights on the VM-Series Firewall
Publish firewall performance metrics to Application Insights. ...
VM-Series Firewall on Google Cloud Platform
Deploy the VM-Series firewall from Google Cloud Platform Marketplace, enable Google Stackdriver monitoring, and enable VM-Series firewalls to monitoring Google Compute Engine instances. ...
Device > Setup > Operations
Device > Setup > Operations You can perform the following tasks to manage the running and candidate configurations of the firewall and Panorama™. If you’re ...
Customize the Firewall Template Before Launch (v2.0 and v2.1)
Lists the settings you can modify before you launch the template ...
Interface Used for Accessing External Services on the VM-Series Firewall
Interfaces that the VM-Series firewall uses for making API calls. ...
Describes all the exciting new capabilities in PAN-OS® 8.1 for the VM-Series firewall. ...