Palo Alto application data missing from Netflow
We havebeen able to get Netflow data working for a Palo Alto PA-820 firewall, but we are not seeing the application data show up. Does anyone have any suggestions on next steps we could take? Here is what has been done so far: Netflow profile has been configured on the Palo Alto side and assigned to the interface, including selecting the PAN-OS Field Types to get the App-ID and User-ID (https://docs.paloaltonetworks.com/pan-os/11-0/pan-os-admin/monitoring/netflow-monitoring/configure-netflow-exports) nbarhas been enabled on the collector: # enable netflow support for NBAR, IPV6 and Multicast fields netflow.nbar.enabled=true # enable netflow support for IPV6 fields netflow.ipv6.enabled=true Collector version is 34.003 We’re seeing everything we expect except the app & systemsdata on the Traffic tab for the device: Any thoughts on what we might be missing? Thank you. :-)Need help on PaloAlto_FW_RunningConfigXML API configsource
Currently, the sole option is to collect/view the configuration xml when a change occurs. So,IsthereawayinLMtogenerateareportusingthePaloAlto_FW_RunningConfigXMLAPIconfigsource? or Is it possible to collect the configuration backup at any specific time interval? Thanks in advance :)
Palo Alto Prisma SD-WAN (formerly CloudGenix)
We have developed new Prisma SD-WAN modules that use the Unified SASE SD-WAN API to monitor ION performance, health, tunnels… We’re looking for customers who already monitor their ION devices via SNMP that would be interested/willing to work with us to verify that that data we’re collecting via Palo Alto’s API matches what we get with SNMP. Two requirements: You are currently monitoring discrete ION devices via SNMP Your CloudGenix portal has been migrated to Prisma Cloud. If you meet these requirements and would like to be considered for pre-release environment verification, please DM me. This pre-release testing would involve LM running some Palo Alto Prisma Unified SASE SD-WAN API calls to compare the results against what we get from SNMP. This does not involve/required adding modules to your portal. However, after this environment verification, we’d be happy to work with you as an early adopter of the new modules.Generally Availability Announcement: Palo Alto Prisma SD-WAN modules
Today, new Palo Alto Prisma SD-WAN (formerly CloudGenix) modules are generally available via LM Exchange. The link to the product documentation is →https://www.logicmonitor.com/support/palo-alto-prisma-sd-wan-monitoring#h-compatibility
Can LM Config Monitor and Alert on Palo Firewall Rules Changes ?
Hi ! My customer wants to be able to generatea weekly report on any changes made in the rules of their Palo Alto firewalls (hundreds) whether this is done as part of a template push or a one-off. Is this something that LM Config can provide ? Cheers, Scott H