Monitoring and Logging

Question 1

The VM-Series firewall on AWS can publish native PAN-OS metrics, which you can use to monitor the firewalls to what logging system?

Answer 1

AWS CloudWatch

Question 2

What do the logs in AWS Cloud Watch allow admins to do?

Answer 2

assess performance and usage patterns that can be used to take action for launching or terminating instances of the VM-Series firewalls

Question 3

The firewalls use AWS APIs to publish the metric to a?

Answer 3

namespace

Question 4

What is a namespace in AWS (CloudWatch)?

Answer 4

location on AWS where the metrics are collected at a specified time interval

Question 5

When you configure the firewalls to publish metrics to AWS CloudWatch, there are two namespaces where you can view metrics. What are they?

Answer 5

1. primary namespace
2. secondary namespace

Question 6

What does the primary namespace do?

Answer 6

collects and aggregates the selected metric for all instances configured to use the namespace

Question 7

What is the purpose of the secondary namespace?

Answer 7

allows to filter the metrics using the hostname and AWS instance ID metadata (or dimensions) and get visibility into the usage and performance of individual VM-Series firewalls

Question 8

How is the secondary namespace created and with what suffix?

Answer 8

automatically with the suffix _dimensions

Question 9

What needs to be done on the firewall to be able to send logs to CloudWatch?

Answer 9

go to Device > VM-Series and enable CloudWatch montoring, specify the namespace and update interval in minutes

Question 10

What is the Update Interval in the AWS CloudWatch configuration on a firewall?

Answer 10

frequency at which the firewall publishes the metrics to CloudWatch

Question 11

What is the min and max interval for firewall to publish logs to CloudWatch?

Answer 11

min 1, max 60

Question 12

What is the name of the service similar to AWS CloudWatch in Azure and GCP?

Answer 12

• Azure = Application Insights
• Google = Stackdriver

Question 13

What do the published metrics in CloudWatch allow admins to do?

Answer 13

assess firewall performance and usage patterns so that you can set alarms and take action to automate events such as launching or terminating instances of the VM-Series firewalls

Question 14

How are the metrics published to firewalls?

Answer 14

through content updates; make sure that you have the minimum content release version that is required to enable this capability on your VM-Series firewall

Question 15

In terms of data plane utilization, what metrics are available for monitoring?

Answer 15

• Dataplane CPU Utilization (%)
• Dataplane Packet Buffer Utilization (%)

Question 16

In terms of GlobalProtect utilization, what metrics are available for monitoring?

Answer 16

• GlobalProtect™ Gateway Active Tunnels
• GlobalProtect Gateway Tunnel Utilization (%)

Question 17

In terms of session utilization, what metrics are available to monitor?

Answer 17

• panSessionConnectionsPerSecond
• panSessionThroughputKbps
• panSessionThroughputPps
• Sessions Active
• Session Utilization (%)