By Greg Ross • Jan 25, 2018
Trust, Security, Palo Alto: A PRTG Use Case
Palo Alto Networks, based in Santa Clara, California, provides its 45,000+ customers in 150+ countries a "Next-Generation Security Platform" through its firewalls and security management tools. Palo Alto Networks is the security company maintaining trust in the digital age by helping organizations prevent cyber breaches.
Palo Alto's cybersecurity expertise and security platform allow customers to confidently pursue a digital-first strategy and embark on new technology initiatives, such as cloud and mobility. Thousands of administrators across every industry are utilizing the Palo Alto platform to control and protect their critical systems and most valued data assets.
It's great to have industry-leading security appliances in place, but what if the device, or the network connected to it, has an issue? How do you maintain visibility into your Palo Alto devices along with the rest of your network at the same time? How can you monitor your Palo Alto devices to ensure they are performing adequately and providing the level of protection you expect? Palo Alto devices give administrators several ways of collecting data, and several points of integration, for network telemetry and reporting.
Palo Alto devices are Linux based and support SNMP v2c and v3, and Palo Alto publishes the SNMP MIBs for polling specific aspects of these devices.
SNMP stands for Simple Network Management Protocol. Its usefulness in network administration comes from the fact that it allows information to be collected about network-connected devices in a standardized way across a large variety of hardware and software types. SNMP is a protocol for management information transfer in networks, for use in LANs especially, depending on the chosen version.
Palo Alto also supports forwarding syslog messages and SNMP traps to a syslog receiver or SNMP management station. Alongside these monitoring components is the ability to export NetFlow v9 records for an aggregate view of bandwidth consumption by device, connection and protocol. SNMP access allows administrators to monitor uptime, health and interface traffic.
For details on how to configure SNMPv2 on the Palo Alto Networks firewall, please see this article.
Does PRTG Work With Palo Alto?
Of course! For those of you who are new, or maybe not so new, to PRTG Network Monitor and Palo Alto: you can obtain device status and performance with out-of-the-box PRTG sensors for each of your Palo Alto virtual or physical firewall appliances. SNMP is available to monitor uptime, CPU load and interface traffic. In addition, the Palo Alto SNMP MIBs can be loaded into the PRTG MIB Importer to create custom sensors for other important metrics.
Custom SNMP Sensor Examples
| Metric | Object | OID | MIB |
|---|---|---|---|
| CPU utilization on the management plane | hrProcessorLoad.1 | 1.3.6.1.2.1.25.3.3.1.2.1 | HOST-RESOURCES-MIB |
| Utilization of dataplane CPUs used for system functions | hrProcessorLoad.2 | 1.3.6.1.2.1.25.3.3.1.2.2 | HOST-RESOURCES-MIB |
| Management plane memory and dataplane packet buffer | hrStorageTable | 1.3.6.1.2.1.25.2.3 | HOST-RESOURCES-MIB |
| GlobalProtect gateway utilization | panGPGatewayUtilization | 1.3.6.1.4.1.25461.2.1.2.5.1 | PAN-COMMON-MIB |
| GlobalProtect gateway % utilization | panGPGWUtilizationPct.0 | 1.3.6.1.4.1.25461.2.1.2.5.1.1 | PAN-COMMON-MIB |
| GlobalProtect gateway max tunnels | panGPGWUtilizationMaxTunnels.0 | 1.3.6.1.4.1.25461.2.1.2.5.1.2 | PAN-COMMON-MIB |
| GlobalProtect gateway active tunnels | panGPGWUtilizationActiveTunnels.0 | 1.3.6.1.4.1.25461.2.1.2.5.1.3 | PAN-COMMON-MIB |
| % session utilization | panSessionUtilization.0 | 1.3.6.1.4.1.25461.2.1.2.3.1.0 | PAN-COMMON-MIB |
| Max sessions for the device | panSessionMax.0 | 1.3.6.1.4.1.25461.2.1.2.3.2.0 | PAN-COMMON-MIB |
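The table lists the objects, but a custom sensor still has to turn raw poll results into channels with limits. The script below is an added example (not code from the original post, from Paessler, or from Palo Alto Networks): it parses poller output in `snmpget -On` style for the OIDs in the table, derives a GlobalProtect tunnel percentage from active/max tunnels and cross-checks it against the agent's own panGPGWUtilizationPct, skips the gateway channel when max tunnels is 0, and emits a JSON result in the layout the PRTG EXE/Script Advanced sensor is assumed here to accept (the key names `channel`, `value`, `unit`, `limitmode`, `limitmaxwarning`, `limitmaxerror` are my assumption about that format). The sample output block is constructed, not captured from a real firewall.

```python
import json
import re

# Numeric OIDs for the objects in the table above, with the instance index a
# poller actually returns (.0 for the PAN-COMMON-MIB scalars, .1/.2 for the
# two hrProcessorLoad rows).
OID_NAMES = {
    "1.3.6.1.2.1.25.3.3.1.2.1": "hrProcessorLoad.1",            # management plane CPU %
    "1.3.6.1.2.1.25.3.3.1.2.2": "hrProcessorLoad.2",            # dataplane CPU %
    "1.3.6.1.4.1.25461.2.1.2.5.1.1.0": "panGPGWUtilizationPct.0",
    "1.3.6.1.4.1.25461.2.1.2.5.1.2.0": "panGPGWUtilizationMaxTunnels.0",
    "1.3.6.1.4.1.25461.2.1.2.5.1.3.0": "panGPGWUtilizationActiveTunnels.0",
    "1.3.6.1.4.1.25461.2.1.2.3.1.0": "panSessionUtilization.0",
    "1.3.6.1.4.1.25461.2.1.2.3.2.0": "panSessionMax.0",
}

# Constructed sample in `snmpget -On` style; not output from a real device.
SAMPLE_OUTPUT = """\
.1.3.6.1.2.1.25.3.3.1.2.1 = INTEGER: 12
.1.3.6.1.2.1.25.3.3.1.2.2 = INTEGER: 87
.1.3.6.1.4.1.25461.2.1.2.5.1.1.0 = Gauge32: 45
.1.3.6.1.4.1.25461.2.1.2.5.1.2.0 = Gauge32: 200
.1.3.6.1.4.1.25461.2.1.2.5.1.3.0 = Gauge32: 90
.1.3.6.1.4.1.25461.2.1.2.3.1.0 = Gauge32: 73
.1.3.6.1.4.1.25461.2.1.2.3.2.0 = Gauge32: 262144
"""

# "<oid> = <TYPE>: <integer>"; error replies such as "No Such Object ..." do not match.
LINE_RE = re.compile(r"^\.?(?P<oid>[\d.]+)\s*=\s*(?P<type>\w+):\s*(?P<value>-?\d+)$")


def parse_snmp_output(text):
    """Map poller output lines to {object name: int}; unknown OIDs and errors are skipped."""
    values = {}
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        name = OID_NAMES.get(m.group("oid"))
        if name:
            values[name] = int(m.group("value"))
    return values


def percent_channel(channel, value, warn, error):
    """One percentage channel with upper limits (assumed EXE/Script Advanced JSON keys)."""
    return {"channel": channel, "value": value, "unit": "Percent",
            "limitmode": 1, "limitmaxwarning": warn, "limitmaxerror": error}


def build_sensor_result(values, warn=80, error=90):
    """Build the sensor result dict from parsed values; missing objects become notes, not failures."""
    channels, notes = [], []
    for name, label in (("hrProcessorLoad.1", "Mgmt plane CPU"),
                        ("hrProcessorLoad.2", "Dataplane CPU"),
                        ("panSessionUtilization.0", "Session utilization")):
        if name in values:
            channels.append(percent_channel(label, values[name], warn, error))
        else:
            notes.append(f"{name} missing")

    # GlobalProtect: compute the percentage from active/max ourselves and compare
    # with the value the agent reports; a large gap is worth a look at the poller.
    active = values.get("panGPGWUtilizationActiveTunnels.0")
    maximum = values.get("panGPGWUtilizationMaxTunnels.0")
    reported = values.get("panGPGWUtilizationPct.0")
    if active is not None and maximum:          # maximum == 0 or None: nothing to divide by
        computed = round(100 * active / maximum)
        channels.append(percent_channel("GlobalProtect tunnel utilization", computed, warn, error))
        if reported is not None and abs(reported - computed) > 5:
            notes.append(f"GP pct reported {reported} vs computed {computed}")
    elif maximum == 0:
        notes.append("GlobalProtect max tunnels is 0; gateway channel skipped")

    return {"prtg": {"result": channels, "text": "; ".join(notes) or "OK"}}


def worst_state(result):
    """Classify the sensor as PRTG would when applying each channel's upper limits."""
    state = "ok"
    for c in result["prtg"]["result"]:
        if c["value"] > c["limitmaxerror"]:
            return "error"
        if c["value"] > c["limitmaxwarning"]:
            state = "warning"
    return state


if __name__ == "__main__":
    result = build_sensor_result(parse_snmp_output(SAMPLE_OUTPUT))
    print(json.dumps(result, indent=2))
    print("sensor state:", worst_state(result))
```

With the constructed sample the dataplane CPU (87%) crosses the warning limit while the other channels stay green, and the GlobalProtect percentage computed from 90 of 200 tunnels matches the agent's 45%. In a real deployment the `SAMPLE_OUTPUT` string would be replaced by the poller's output, and the warning/error limits would be tuned per device model.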
When you identify spikes and upward trends on your interfaces, you will need NetFlow for aggregate bandwidth monitoring. This can be set up quickly and easily on your device and forwarded to PRTG for analysis.
REST API Anyone?
One of our PRTG users wrote a PowerShell script for monitoring an IPsec VPN tunnel via the REST API on a Palo Alto.
This is just another example of the customization and flexibility of PRTG to capture and monitor devices and services in countless ways. IT professionals need to collect as much data from their environment as possible to ensure everything is working properly.
Are you using PRTG to monitor your Palo Alto devices? What other ways have you found to monitor and track security related issues in your environment? Tell us below!