This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Cookie Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences

VM monitoring sources attributes/annotations

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

VM monitoring sources attributes/annotations

Go to solution
Gun-Slinger
L4 Transporter

‎01-29-2018 07:58 AM

Does anyone know more on the use of the "annotation" field for use in a dynamic address group from a vm information source?

Can the notes or tags field in the summary tab in vCenter be used to apply custom annotations? Any assistance on the syntax would be great since PAN dosn't seem to provide much on this that I could find.

The goal is to be able to apply multiple custom annotations in order to apply the proper dynamic address group to the VM and a VM could belong to multiple dynamic address groups.
vc.jpgdag.jpg

2 people had this problem.
0 Likes Likes
1 ACCEPTED SOLUTION

Accepted Solutions

Go to solution
SSullivan3
L0 Member
In response to AndrewKemmyNTT

‎11-22-2020 01:04 PM

I ran across the same issue today and found another/better way to use tagging if you have vCenter and the VMware vCenter plug-in for panorama.  Details for configuring the plug-in can be found at Panorama Plugin for VMware vCenter .

 

Instead of using the 'Notes' field, you can use the vCenter 'Tag and Categories' feature.  It is located under 'Menu > Tags & Custom Attributes'.  In my example, I use vCenter Tags to create Dynamic groups in Panorama using the following categories; security-zone, site-or-location and domain-member.

 

FYI: If you don't see the Tags widget in vCenter, you may need to scroll down.

Screen Shot 2020-11-22 at 3.07.16 PM.png

 

There are two pieces to the vCenter Tag configuration; Categories and Tags.  Categories are groups of tags and also control if a VMware entity, in our case the 'VirtualMachine', can have more than one Tag from the Category.

Screen Shot 2020-11-22 at 3.14.01 PM.png

 

For example, the Tags for the "domain-member" category are domain-client, domain-server and domain-controller.  Multiple Cardinality is set to false (see above) and Associable Entities is set to VirtualMachines, so you can only select one Tag and the Tags are only available for Virtual Machines.

Screen Shot 2020-11-22 at 3.13.00 PM.png

 

Once you have your categories and tags defined, apply them to your virtual machines by clicking Assign in the Tags widget for the Virtual Machine.  To manually synchronize the Tags use the VMware vCenter plug-in.

Screen Shot 2020-11-22 at 3.29.07 PM.png

 

Now when you create dynamic address group, you should see your tags available.

Screen Shot 2020-11-22 at 3.34.42 PM.png

 

TIPS:

-You can use (parenthesis) to group multiple ANDs & ORs

-You can add Panorama Tags to dynamic address groups for use in other static or dynamic groups.

Screen Shot 2020-11-22 at 3.36.34 PM.png

 

Hope you find this useful,

Sully

 

View solution in original post

(1)
10 REPLIES 10

Go to solution
Gun-Slinger
L4 Transporter

‎02-05-2018 02:03 PM

Update on this:

So the annotation field leverages the "Notes" field of the guest in vsphere. So if you add a notation in the notes field (example a_host), the PAN will pick it up on the next refresh and add that as an actual filter to choose from for the dynamic address group.

 

The piece I am still missing is can a guest have multiple annotations in the notes field and the PAN pick it up as seperate filters or annotations?

 

If "Yes", what is the syntax?

I have tried, seperate lines, ";", ",", and spaces with no success.

 

sanp.jpg

0 Likes Likes

Go to solution
Sec101
L4 Transporter
In response to Gun-Slinger

‎03-27-2020 12:40 PM

did you ever get an answer on this one?

 

0 Likes Likes

Go to solution
Gun-Slinger
L4 Transporter
In response to Sec101

‎04-08-2020 09:20 AM

Nope never got anything back on this.

0 Likes Likes

Go to solution
AndrewKemmyNTT
L1 Bithead

‎09-02-2020 10:10 PM

I needed to do this today.

In my case I am using vCenter integration.

When creating a dynamic object (objects -> add -> select type -> dynamic) there is an option at the bottom to "Add Match Criteria". When selected, this provides a "picklist" of all the annotations Palo has picked up from vCenter. In my case I already had 'annotation.access.to.3.pool.ntp.org' as a note I made on one of my VMs. for a logical "and" select a second annotation from the picklist so the result is:

'annotation.access to 3.pool.ntp.org' and 'annotation.VMware vCenter Server Appliance' in the Match field of the Dynamic Address Group 

 

 

0 Likes Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!

LEGAL NOTICES
RESOURCES
Copyright 2007 - 2023 - Palo Alto Networks