Hi all,
Because there are no useful methods to monitor the configured QoS values (at least til 7.0.3, I don't know if there will be a monitoring of QoS in the future), I have written a little script in powershell which gets all the required values over the XML API and the creates an output which could be used for the software PRTG Network Monitor (there is also a free version with limited amount of sensors).
The syntax looks like the following:
"script.ps1 <fwhostname> <physicalinterface> [<qosrule/tunnelinterface>] [tunnel-traffic]"
example for a cleartext rule named "Traffic-to-Internet" on ethernet1/3:
script.ps1 "firewall.domain.local" "ethernet1/3" "Traffic-to-Internet"
example for monitoring a tunnel-traffic rule for tunnel 10 on ethernet1/2:
script.ps1 "firewall.domain.local" "ethernet1/2" "tunnel.10" "tunnel-traffic"
If someone is interested, you can find the script here: https://github.com/inaxis/Palo_QoS_Mon/blob/master/Palo_QoS_Mon_Script.ps1
But you have to be carefully and do not run too many instances of the script at the same time towards a single firewall (specially not a pa-2000), or if you do it have a look at the management cpu utilization.
I tested the script on the following device/software combinations:
The output of the devices is slightly different, so the channel which shows the dropped packets/second does not work on PA-5000 series.
Regards,
Remo
Example screenshots:
Actual bandwidth:
Utilization in percent:
Dropped packets/second:
