Who rated this post

A Palo Alto Networks next-generation firewall must capture network traffic sent between endpoints and data center servers.
 

To monitor internal network traffic, customers may: 

• Use existing inline Next-Generation Firewalls that monitor internal network traffic as sensors to collect network metadata for Logging Service and Cortex XDR (formerly Magnifier).
• Deploy a Next-Generation Firewall in inline L3 mode.  This deployment will also offer the added benefit of improved network security because of internal segmentation, threat prevention, and visibility.
• Deploy another Next-Generation Firewall inline, in VWire mode.  This way the Next-Generation Firewall supports multiple VWire interfaces, so the customer’s network does not need to be re-architected, but it will require downtime.
• Deploy another Next-Generation Firewall with multiple interfaces configured in TAP or SPAN ports or Network Packet Brokers to send the traffic to these Next-Generation Firewalls.
• Configure new or unused interfaces on a perimeter Next-Generation Firewall to receive collected traffic in TAP mode, if the firewall has extra interfaces and can handle the additional traffic. The customer would use a Network Packet Broker to aggregate the east-west traffic to the perimeter firewall.