Graphical traffic monitoring...

Reply
Highlighted
L3 Networker

Graphical traffic monitoring...

Hi,

We have a PA500 box running 4.1.11 software.

Formerly we used pfsense enjoying RRD graphing of traffic amount on the different interfaces.  We display network information on a big monitor outside our office.  Does anyone here use some thirdparty software to achieve this with PAN boxes? We don't need all the bells and whistles, and it should be easy to configure.

Thanks for help and comments on this..

regards Tor

Tags (2)
Highlighted
L5 Sessionator

Re: Graphical traffic monitoring...

Third Party Suggestion : Cacti :https://live.paloaltonetworks.com/thread/4367

Inbuilt Features:

1>ACC

2>Monitor Tab>App Scope

3>QOS enabled on interface https://live.paloaltonetworks.com/message/21764#21764

Highlighted
L4 Transporter

Re: Graphical traffic monitoring...

I have Zabbix watching several pairs of PA firewalls as well, and graph trending on interfaces, CPU, memory, firewall sessions, etc all work.

Also alerting on specific events works too (for example: "if the session table goes over 80% utilization send an alert")

Highlighted
Palo Alto Networks Guru

Re: Graphical traffic monitoring...

Here is a cool tool that will help as wel

Highlighted
L4 Transporter

Re: Graphical traffic monitoring...

Hi Egearthart

Could you share to me your Zabbix template? I send you few days ago PM, but I didn't get any answer.

With regard

Slawek

Highlighted
L4 Transporter

Re: Graphical traffic monitoring...

slv - honestly the low level discovery features built in to Zabbix 2.0 and 2.2 should make it really easy to walk the Palo Altos and automatically discover interfaces and build graphs, without needing to template out interfaces.

I can export what I have (which mostly provides graphs of the session table, management and data plane CPU usage, number of sessions broken down by TCP, UDP, etc) but for simple interface graphs use low level discovery! It really is the best way to go

https://www.zabbix.com/documentation/2.0/manual/discovery/low_level_discovery#discovery_of_snmp_oids

I would highly recommend you start off with Zabbix 2.2, there are a bunch of critical SNMP fixes in that version. Also Zabbix 2.2 implements AES/SHA support for SNMPv3, which Palo Alto requires for SNMPv3 (otherwise you're forced to use SNMPv2, which is completely clear text... not a good solution to start off with).

Zabbix 2.2 isn't released yet, but there's supposed to be a beta out by the middle of June.

Highlighted
L4 Transporter

Re: Graphical traffic monitoring...

Hi

I know that automatically discover is working and I have now graphs of traffic. I'm asking you because You have much more (CPU, memory, firewall sessions and >>alerting<<)

If you can export template and send it to me I will be very grateful.

I started playing with zabbix few days ago, I have to learn a lot to build my own template. Good example will be very appreciated.

Regards

SLawek

Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!

The Live Community thanks you for your participation!