Palo Alto
Overview
Palo Alto Firewall, the advanced and sophisticated firewall solutions by Palo Alto Networks, seamlessly integrate with Motadata AIOps to provide comprehensive monitoring and management capabilities. With this integration, organizations gain real-time visibility into the performance and security of their Palo Alto Firewalls. Monitor critical firewall metrics such as traffic patterns, connection status, and threat activity to ensure a secure and protected network environment.
Prerequisites
Refer Adding network devices for monitoring to understand the prerequisites necessary for monitoring a network device.
List of Supported KPIs
| Metrics | Description | Type |
|---|---|---|
| ping.min.latency.ms | Minimum latency (in milliseconds) observed during ping | Count |
| ping.received.packets | Number of packets received during ping | Count |
| ping.lost.packets | Number of packets lost during ping | Count |
| ping.max.latency.ms | Maximum latency (in milliseconds) observed during ping | Count |
| object.target | Target object identifier | String |
| ping.sent.packets | Number of packets sent during ping | Count |
| ping.packet.lost.percent | Percentage of packet loss during ping | Percent |
| ping.latency.ms | Average latency (in milliseconds) observed during ping | Count |
| system.oid | System Object Identifier | String |
| started.time.sec | Uptime in Seconds for the monitor | Count |
| started.time | Uptime of the monitor | String |
| object.name | Name of the monitor | String |
| system.location | Location of the monitor | String |
| system.description | Description of the monitor | String |
| correlation.metrics | Correlation metrics between network connections | String |
| network.connection.tcp.connections | Number of TCP connections | Count |
| network.connection.udp.connections | Number of UDP connections | Count |
| network.connection.udp.error.segments | Number of UDP error segments | Count |
| network.connection.tcp.error.segments | Number of TCP error segments | Count |
| network.connection.tcp.retransmitted.segments | Number of TCP retransmitted segments | Count |
| destination.ip | Destination IP address | String |
| destination.port | Destination port number | Count |
| network.connection.protocol | Protocol used for network connection | Count |
| network.connection.state | State of the network connection | String |
| source.ip | Source IP address | String |
| source.port | Source port number | Count |
| interface.sent.discard.packets | Number of discarded packets sent on the interface | Count |
| interface.in.packets | Number of incoming packets on the interface | Count |
| interface.packets | Number of packets on the interface | Count |
| interface.error.packets | Number of error packets on the interface | Count |
| interface.sent.error.packets | Number of error packets sent on the interface | Count |
| interface.received.discard.packets | Number of discarded packets received on the interface | Count |
| interface.received.octets | Number of octets received on the interface | Count |
| interface.bit.type | Bit type of the interface | Count |
| status | Status of the interface | String |
| interface.out.packets | Number of outgoing packets on the interface | Count |
| interface.operational.status | Operational status of the interface | String |
| interface.admin.status | Admin status of the interface | Count |
| interface.sent.octets | Number of octets sent on the interface | Count |
| interface.last.change | Last change of the interface | String |
| interface.received.error.packets | Number of error packets received on the interface | Count |
| interface.discard.packets | Number of discarded packets on the interface | Count |
| started.time | Uptime of the interface | String |
| started.time.sec | Uptime in seconds of the interface | String |
| system.os.version | The version of the operating system running on the SNMP device. | String |
| system.hardware.version | The version of the hardware of the SNMP device. | String |
| system.serial.no | The serial number of the SNMP device. | String |
| paloalto.vpn.client.version | The version of the VPN client installed on the SNMP device. | String |
| paloalto.application.version | The version of the application installed on the SNMP device. | String |
| paloalto.antivirus.version | The version of the antivirus software installed on the SNMP device. | String |
| paloalto.threat.version | The version of the threat intelligence data installed on the SNMP device. | String |
| paloalto.url.filtering.version | The version of the URL filtering database installed on the SNMP device. | String |
| paloalto.global.protect.version | The version of the GlobalProtect client installed on the SNMP device. | String |
| paloalto.opswat.datafile.version | The version of the OPSWAT data file installed on the SNMP device. | String |
| paloalto.session.percent | The percentage of sessions currently active on the PaloAlto firewall. | Percentage |
| paloalto.active.sessions | The number of active sessions on the PaloAlto firewall. | Count |
| paloalto.tcp.active.sessions | The number of active TCP sessions on the PaloAlto firewall. | Count |
| paloalto.udp.active.sessions | The number of active UDP sessions on the PaloAlto firewall. | Count |
| paloalto.icmp.active.sessions | The number of active ICMP sessions on the PaloAlto firewall. | Count |
| paloalto.ssl.proxy.active.sessions | The number of active SSL proxy sessions on the PaloAlto firewall. | Count |
| paloalto.ssl.proxy.session.percent | The percentage of SSL proxy sessions currently active on the PaloAlto firewall. | Percentage |
| paloalto.maximum.sessions | The maximum number of sessions that the PaloAlto firewall can handle. | Count |
| paloalto.vsys.active.sessions | The number of active sessions for a specific virtual system (vsys) on the PaloAlto firewall. | Count |
| paloalto.vsys.maximum.sessions | The maximum number of sessions supported for a specific virtual system (vsys). | Count |
| paloalto.vsys.session.used.percent | The percentage of sessions used for a specific virtual system (vsys) on the PaloAlto firewall. | Percentage |
| system.cpu.percent | The CPU utilization percentage of the SNMP device. | Percentage |
| system.1min.avg.cpu.percent | The average CPU utilization percentage over the last one minute on the SNMP device. | Percentage |
| system.memory.used.percent | The percentage of used memory on the SNMP device. | Percentage |
| system.disk.volume.type | The type of disk volume on the SNMP device. | String |
| system.disk.volume | The name of the disk volume on the SNMP device. | String |
| system.disk.volume.capacity.bytes | The total capacity of the disk volume in bytes on the SNMP device. | Count |
| system.disk.volume.used.bytes | The used space in bytes on the disk volume of the SNMP device. | Count |
| system.disk.volume.used.percent | The percentage of used space on the disk volume of the SNMP device. | Percentage |
| paloalto.ha.state | The state of high availability (HA) on the PaloAlto firewall. | String |
| paloalto.ha.peer.state | The state of the HA peer on the PaloAlto firewall. | String |
| paloalto.ha.mode | The mode of high availability (HA) on the PaloAlto firewall. | String |
| tunnel.life.time.sec | The lifetime duration of the tunnel in seconds. | Count |
| tunnel.active.time.sec | The time duration that the tunnel has been active in seconds. | Count |
| tunnel | The identifier or name of the tunnel. | String |
| tunnel.source.ip.address | The source IP address of the tunnel. | String |
| tunnel.out.traffic.bytes.rate | The rate of outgoing traffic in bytes per second through the tunnel. | Count |
| tunnel.in.traffic.bytes.rate | The rate of incoming traffic in bytes per second through the tunnel. | Count |
| tunnel.destination.ip.address | The destination IP address of the tunnel. | String |
| tunnel.name | The name or label assigned to the tunnel. | String |
| tunnel.status | The current status of the tunnel. | String |
| remote.vpn.active.connections | The number of active VPN connections from remote clients. | Count |
| remote.vpn.client.in.traffic.bytes.rate | The incoming traffic rate in bytes per second for VPN clients. | Count |
| remote.vpn.client.out.traffic.bytes.rate | The outgoing traffic rate in bytes per second for VPN clients. | Count |
| remote.vpn.client.protocol | The communication protocol used by the VPN client. | String |
| remote.vpn.client.encryption.algorithm | The encryption algorithm used by the VPN client. | String |
| remote.vpn.client | The identifier or name of the remote VPN client. | String |
| remote.vpn.client.duration.sec | The duration of the VPN client connection in seconds. | Count |
| remote.vpn.client.app.version | The version of the VPN client application. | String |
| remote.vpn.client.duration | The duration of the VPN client connection. | String |
| remote.vpn.client.status | The status of the VPN client connection. | String |
| remote.vpn.user.group | The user group associated with the remote VPN client. | String |
| remote.vpn.client.app | The application name of the remote VPN client. | String |