Monitoring large environments

Showing results for 
Show  only  | Search instead for 
Did you mean: 
Palo Alto Networks Approved
Palo Alto Networks Approved
Community Expert Verified
Community Expert Verified

Monitoring large environments

L4 Transporter

Just wondering how others are monitoring large FW/Panorama footprints for things like license expiration, hardware failures and so on.


Thanks in advance for your time. 


Cyber Elite
Cyber Elite

Hello @RobertShawver


without going into details of process and products, I can share following.


For license/subscription check, within the scope of Palo Alto Firewalls, we let NOC on weekly bases to go through Panorama > Device Deployment > Licenses and note down each Firewall that is going to be expired within 3 month and then report it for renewal.

In parallel, purchasing team has in their system list of all the contracts. Before expiry date, they notify owner/department to renew. Which ever process kicks first, will initiate renewal process.


For hardware failures, NOC monitors 24/7 all equipment for failures by using 3rd party monitoring system. In the case of failure, alert is triggered in monitoring system and based on criticality matrix, the issue is escalated to on-call engineer,... If necessary, ticket is opened for hardware replacement.


Kind Regards


Help the community: Like helpful comments and mark solutions.

Cyber Elite
Cyber Elite

If 30 day notification is enough you can check System log with filter below.

( description contains 'License for feature' ) and ( description contains 'will expire on' )


To see already expired subscriptions use

( description contains 'License for feature' ) and ( description contains 'expired' )


Device > Log Settings allows to configure email notifications.

Enterprise Architect, Security @ Cloud Carib Ltd
Palo Alto Networks certified from 2011

Cyber Elite
Cyber Elite


As far as licenses go, we use a combination method of monitoring the footprint.

First and foremost everything is co-termed upon first renewal so that we're doing as few purchases throughout the year as possible, and we primarily only have to work with a single date. 

Secondly our purchasing team does a good job of knowing when our licenses are due to expire, but it's also something that we check as part of a 1st of the month checklist. Verifying that everything under our account is good to go from a license renewal standpoint, and anything not under the co-term isn't going to expire in the next 60 days and ensure we have a ticket to account for it in the co-term renewal or get it extended prior to license expiration.

Lastly as @Raido_Rattameister mentioned we have everything setup to send us license alerts from the system logs in the event the license gets to a point where there's less than 30 days remaining. This doesn't really ever trigger in our environment because they've been renewed prior to that window, but it does alert us whenever we need to manually load updated licenses and serve as a last resort to get things renewed if it was somehow missed.


As for monitoring for hardware failures and the like, we have each device setup to alert us of any high or critical events assuming that it can still talk to us. Then our monitoring platforms are additionally monitoring the devices to ensure that it's reachable and doesn't have any issues that would prevent the device itself from sending the alerts. 

I'd also look into the free version of AIOps for your equipment if you aren't already using it. AIOps free still gives you a lot of information about your devices and serves as a good way to keep an overview of everything at a high level. Premium has additional features available, but if all you care about is device health the free features offer more than enough capability in my opinion.

Thanks.  I need to be at 10+ for AIOps, yes?

  • 4 replies
  • 101 Subscriptions
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!