Palo Alto Firewall Dashboard

by Cody Dumont
October 17, 2013

This dashboard displays the summary status of the Palo Alto firewall, and includes indicators for events, configuration audits, and NetFlow statistical graphs.

Using the correlation features of LCE and Nessus audit checks, this dashboard highlights the native ability of SecurityCenter to monitor the status of other security products.  By collecting this information, a security analyst can review the configuration and traffic status of the firewall without requiring firewall management privileges. The dashboard and its components are available in the SecurityCenter 4.7 Dashboard app feed, an app store of dashboards, reports and assets.

The dashboard requirements are:

  • SecurityCenter 4.7
  • Nessus 5.2.1
  • LCE 4.2.1

Listed below are the included components:

Palo Alto Status - Device Audit Vulnerabilities - This component displays a pass/fail indicator by check type.  The Tenable_Palo_Alto_PAN-OS_Best_Practices.audit file has 5 check types, each focusing on a separate part of the configuration audit.

  • Device: The firewall management and base operation settings
  • Users:  Lists local users in the device.
  • Security: Verifies the security setting of the configuration
  • Update: Verifies the update server is configured.
  • Reports:  The output from several report commands to display the report status.

Palo Alto Status - NetFlow Summary - This component displays a summary of the top 10 TCP ports identified by Palo Alto native network collector.

Palo Alto Status - NetFlow By Port - This component displays the session count of the top 10 TCP ports identified by Palo Alto native network collector.

Palo Alto Status - Top 10 Events - This component displays count of the top 10 Palo Alto syslog events.

Palo Alto Status - Event Trend Summary - This component displays trend line for the top 10 Palo Alto syslog events.

Palo Alto Status - Event Indicator - This indicator component displays series on Palo Alto syslog event indicators.