05-30-2024 07:00 AM
Hi All,
We recently had an issue where we saw the URL-Categories were unresolved and allowed user to access the blocked site. After investigation we identified that its a know issue with Palo version lower than 10.1.9, where the firewall will lose intermittently lose connectivity to PAN DB cloud. I am exploring various tools to setup alerting when this happens, one of the option i have currently started to explore is
1- AIOPs free version but I am unable to find much details if we can monitor an OID when PAN DB lose its connectivity. The particular OID that I found in Palo supported MIB list is "1.3.6.1.4.1.25461.2.1.3.2.0.2015". Does anyone know if this feature is currently available in AIOPs premium version?
panURLUrlCloudConnectionFailureTrap "Failed to connect the cloud."
panURLUrlCloudConnectionSuccessTrap " Connects to the cloud successfully."
2- Is it possible to monitor OID using Splunk, Is there a specific setting that we need to enable to send logs from firewall to Splunk ?
Thank you in advance
06-04-2024 09:57 AM
Hello,
Not sure about OID and Splunk. However there is a log that is generated if the cloud connection fails and perhaps a Splunk alarm could be created? They are in the 'System' logs.
( eventid eq url-cloud-connection-failure )
Hope this helps!
Regards,
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
