cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

GlobalProtect monitoring

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Reply
jeanvancaloen
L1 Bithead
‎10-30-2013 03:43 AM
‎10-30-2013 03:43 AM

GlobalProtect monitoring

I need to graph GlobalProtect current users + traffic via SNMP. I cannot find anything in SNMPwalk or in the available MIBs.


I looked through some older discussions but it seems there is no immediate answer. Any update?


Thanks

2 people had this problem.
Labels:
Reply

Accepted Solutions
jeanvancaloen
L1 Bithead
‎01-07-2015 07:01 AM
‎01-07-2015 07:01 AM

I finally managed to start monitoring with the API, very simple CLI commands and rrdtool on a linux box.

Simply put:


Polling every 5 mins through cronjob

- wget to poll the API which is fed to grep -c to count the active connections

- output of the above is used to update the RRD

Graphs generated every 5 mins through cronjob representing both our gateways and the total and display of the maximum amount of connections.

Graph looks like this now, will make it sexier as I get the chance

gp-8hours.png

If anyone is interested I'd be glad to share the scripts and commands. RRDtool is not user-friendly for first-timers... at all! :-|

KR

View solution in original post

Reply

All Replies
rkim
L5 Sessionator
‎10-31-2013 10:30 AM
‎10-31-2013 10:30 AM

Currently there is no OID for tracking GP users via SNMP. However, I would advise to contact your PANW Sales Rep to inquire about roadmap for such a feature.

-Richard

Reply
jeanvancaloen
L1 Bithead
‎07-25-2014 12:39 AM
‎07-25-2014 12:39 AM

Seems PANOS 6 has required SNMP monitoring capabilities but we're waiting on confirmed stability before upgrading production clusters. Anyone inhere that has used it to graph current GP connections and traffic? Not sure if it's possible to monitor status and traffic of individual ipsec tunnels.

Reply
jeanvancaloen
L1 Bithead
‎01-07-2015 07:01 AM
‎01-07-2015 07:01 AM

I finally managed to start monitoring with the API, very simple CLI commands and rrdtool on a linux box.

Simply put:


Polling every 5 mins through cronjob

- wget to poll the API which is fed to grep -c to count the active connections

- output of the above is used to update the RRD

Graphs generated every 5 mins through cronjob representing both our gateways and the total and display of the maximum amount of connections.

Graph looks like this now, will make it sexier as I get the chance

gp-8hours.png

If anyone is interested I'd be glad to share the scripts and commands. RRDtool is not user-friendly for first-timers... at all! :-|

KR

View solution in original post

Reply
Roland_Sonder
L0 Member
‎08-27-2019 10:53 PM
‎08-27-2019 10:53 PM

Hi 

I do have the same requirement. I shall validate the max concurrent connected GlobalProtect users in order to plan for additional mobile licenses. I do have a about 50 gateways spread worldwide. It would be of great help for me if you could provide more details about your approach and solution. 

Roland 

0 Likes
Reply
Arijit2
L0 Member
‎03-17-2020 10:00 PM
‎03-17-2020 10:00 PM

Hi there,

can you please share the commands to get the GP user stats using API.

0 Likes
Reply
ITgroupEAA
L0 Member
‎04-01-2020 03:20 PM
‎04-01-2020 03:20 PM

This is great if possible can you please share your scripts.

 

Thank You

 

0 Likes
Reply
mhernandezeaa
L0 Member
‎04-01-2020 03:23 PM
‎04-01-2020 03:23 PM

This is exactly what I am needing. If possible can you please share your scripts.

 

Thank You

 

0 Likes
Reply
Converged
L1 Bithead
‎06-09-2020 09:20 AM
‎06-09-2020 09:20 AM

I believe there are now SNMP OIDs for GlobalProtect, as our librenms (linux based) is able to graph the number of GlobalProtect sessions

 

https://docs.paloaltonetworks.com/globalprotect/9-1/globalprotect-admin/globalprotect-gateways/globa...

 

https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClaSCAS

 

says:

Item Name OID Source MIB Description

System uptimehrSystemUptime.01.3.6.1.2.1.25.1.1.0RFC1514-MIB 
GlobalProtect gateway utilizationpanGPGatewayUtilization1.3.6.1.4.1.25461.2.1.2.5.1PAN-COMMON-MIB 
GlobalProtect gateway % utilizationpanGPGWUtilizationPct.01.3.6.1.4.1.25461.2.1.2.5.1.1PAN-COMMON-MIB 
GlobalProtect gateway max tunnelspanGPGWUtilizationMaxTunnels.01.3.6.1.4.1.25461.2.1.2.5.1.2PAN-COMMON-MIB 
GlobalProtect gateway active tunnelspanGPGWUtilizationActiveTunnels.01.3.6.1.4.1.25461.2.1.2.5.1.3PAN-COMMON-MIB
Reply
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!

Latest Blogs
Latest Posts
Privacy Policy Terms of Use
Copyright 2007 - 2021 - Palo Alto Networks