Hey everyone! I'm new to the sysadmin role and have been diving into using Palo Alto firewalls, specifically the PA-450s. I need to track the VPN usage and analyze bandwidth, internet connection stats, and overall firewall activity. I've looked into it and it seems that the PA firewalls don't support this natively. Can anyone recommend the quickest and easiest way to set this up so I can gather useful data in the coming weeks? Thanks!
4 Answers
If you're using Strata Cloud Manager, you should be able to extract interface utilization from there. Check out the options available in the UI for some insights.
You can use LibreNMS for tracking bandwidth and traffic, and it's free! Just set it up on a Linux system with SNMPv3 configured on your firewall. For VPN usage, if you’re using GlobalProtect, look for the tunnel interface related to it. It's important to note that while LibreNMS is great for bandwidth, it won't track other stats like blocked threats or application usage. You might need to generate those reports directly from the firewall instead of Strata Cloud Manager unless you have the AI Ops license for that.
There are a couple of 'easy' methods:
1. Use the ACC menu to filter by your tunnel interface. You'll get some useful charts, albeit not overly detailed.
2. Alternatively, you can review the traffic logs for the last 24 hours, filtering by the tunnel interface, and analyze the data to aggregate AppID and the bytes transferred. That’s how I tracked down bandwidth issues in the past. However, for long-term bandwidth tracking, you’ll need a NetFlow monitoring solution or watch the QoS screen in real-time.
I also use LibreNMS for my PA-450s. It works well for monitoring GlobalProtect since it shows bandwidth through its own tunnel interface. Definitely a solid option if you can get Linux set up.
Related Questions
Can't Load PhpMyadmin On After Server Update
Redirect www to non-www in Apache Conf
How To Check If Your SSL Cert Is SHA 1
Windows TrackPad Gestures