We recently transitioned from a Checkpoint NG to a Palo Alto 4020 and I'm in the process of learning the new interface and management capabilities of the PA. When we were using the Checkpoint NG I frequently used Checkpoint Monitor to view the Top 10 Sessions when our Internet bandwidth was being gobbled up... it had a live line graph that updated every couple of seconds and showed who was currently using the most bandwidth and how much they were using. I've looked through the PA GUI but haven't found anything that provides me with this type of real-time information... I also looked at the CLI but need something more visual. Does anyone know if the PA GUI has what I'm looking for... and where it is?
Thanks in advance for your help!
How about using the ACC (Application Command Center), per the attached screenshot? In this instance, I set a filter for a specific IP with a time frame of the last 15 minutes, which can be customized to fit your needs as well. This example provides the top applications in addition to the top destinations, which includes Bytes and Sessions. Hope this helps.
Unfortunately there aren't too many real-time tools in the GUI. Even when we have the Smartmonitor in Checkpoint, we tend to use our netflow monitoring, combined with firewall logs, to pinpoint offenders.
I'm thinking we could do something near real time with a combination of log exports and Splunk. If I am successful, I'll post back.
The closest I've found is show system statistics in the CLI and under the Monitor tab, using the App Scope reports.
Not real time, but good enough to find the people moving large amounts of traffic.
Thanks for the replies everyone... I believe I will end up using a little bit of everything that was recommended. I should be able to isolate offenders fairly quickly with ACC filtering... and was already planning on setting up QOS so that should help control traffic as well. I did find something similar to what I was looking for in the QOS config... once QOS is enabled on an interface you can go to Network-QOS and click on Statistics next to an interface... there you can find more detailed info on Bandwidth, Applications, Users, Rules. I just wish Applications, Users, and Rules sections had the same type of running chart that the Bandwidth section does.
Thanks again for all the help!
I am so happy for this article.
I did this with Version 4 and now I have statistical graphs of Total Bandwidth by Applications, Users and Rules. For the active graphs, go to the NETWORK/QoS tab and select "Statistics" next to the specific interface the QoS profile is activated on.
Photo attached of Statistics page.
I love Palo Alto!!!!!