Enable VM Monitoring to Track VM Changes on Google Cloud Platform (GCP)
You can enable any firewall that runs PAN-OS 8.1 (virtual or physical) to monitor application workloads deployed on Google Compute Engine instances. VM Monitoring enables you to monitor a predefined set of metadata elements or attributes on the VM-Series firewall. In the PAN-OS 8.1 Administrator’s Guide, see Attributes Monitored on Virtual Machines in Cloud Platforms.
With an awareness of virtual machine adds, moves, and deletes within a Google VPC, you can create Security policy rules that automatically adapt to changes in your application environment. As you deploy or move virtual machines, the firewall collects attributes (or metadata elements). You can use this metadata for policy matching and to define Dynamic Address Groups (see Use Dynamic Address Groups to Secure Instances Within the VPC).
You can configure up to ten VM information sources on each firewall or on each virtual system on a firewall capable of multiple virtual systems. Information sources can also be pushed using Panorama templates.
To perform VM monitoring, you must have the IAM role Monitoring Metric Writer.
- Log in to your deployed firewall.
- Enable VM Monitoring.
  - Select Device > VM Information Sources.
  - Add a VM information source and enter the following information:
    - Specify a Name to identify the instance that you want to monitor.
    - Select the Google Compute Engine Type.
    - Select Enabled.
    - Choose the Service Authentication Type.
      - If you choose VM-Series running in GCE, you are authenticating with the default service account generated when an instance is created. This is part of the instance metadata.
    - (Optional) Modify the Update interval to a value between 5 and 600 seconds. By default, the firewall polls every 5 seconds. The API calls are queued and retrieved every 60 seconds, so an update takes up to 60 seconds plus the configured polling interval.
    - (Optional) To change the number of hours before timeout, check Enable timeout when the source is disconnected and enter the Timeout (hours) before the connection to the monitored source is closed (range is 2 to 10; default is 2). If the firewall cannot access the host and the specified limit is reached, the firewall closes the connection to the source.
  - Click OK and Commit your changes.
- Verify the connection status. If the connection status is pending or disconnected, verify that the source is operational and that the firewall is able to access the source. If you use a port other than the Management (MGT) port for communicating with the monitored source, then you must change the service route (select Device > Setup > Services, click Service Route Configuration, and modify the Source Interface for the VM Monitor service).