Indeni Complements Your Monitoring Solution for Palo Alto Networks Firewalls

Originally published at: https://indeni.com/blog/indeni-compliments-your-monitoring-solution-for-palo-alto-networks-firewalls/

Five reasons why enterprises deploy Indeni with their existing monitoring solutions.

1. Automate High Availability readiness checks

Proactively automate tasks to ensure seamless failover in the event of primary firewall failure. Indeni understands how the active/active and active/passive configurations work. For example, we understand the role of the control link, data link and backup links. We will not issue a notification when these links are down on a firewall that is a passive member of a cluster, because they are then working as intended. At the same time, we constantly ensure the primary and standby firewalls are synchronized, including the static routing table, network interface MTU size, OS version, NTP servers, RADIUS servers, time zone, connected networks and many more.

Why Indeni matters?

Monitoring tools do not automate high availability readiness. Worse yet, monitoring tools lack a deep understanding of how HA works; they are typically very noisy and generate a lot of false positives.

For more information, read this blog post.

2. Remediation Steps

Indeni will go one step further by providing actionable remediation steps. For example, Indeni will notify you if you accidentally left the debug mode command enabled (something that a monitoring tool will not be able to detect). It will also tell you how to disable debug and give you information about every debug command and its purpose.

Why Indeni matters?

Monitoring tools are good at notifying you when a problem occurs, but they lack details about how to address the issues.

3. Automate Regulatory Compliance/Security Risks Reporting

Indeni will regularly check for security risks to help with your compliance efforts. Refer to this blog post for a list of regulatory compliance & security risk checks.

Why Indeni matters?

Without Indeni, these tasks are time-consuming and can take away from the team’s primary tasks.

4. Advanced Health Checks

As you start to enable advanced features such as URL filtering, Wildfire and SSL decryption, you want to ensure that these functions are not impacting the operations of your firewalls.

Why Indeni matters?

These advanced features are typically not supported by SNMP monitoring tools. For more information, read this blog post.

5. Palo Alto recommended Best Practices

Indeni has many built-in operations best practices and we make them easily accessible. For example:

  • Logs are being discarded
  • High log DB usage
  • Packet drop counter increasing
  • User-ID agent down
  • URL cloud not connected
  • Wildfire cloud not connected
  • Authentication errors
  • Ensure failed login attempts is set to a low value
  • High neighbor discovery (ND) cache usage
  • Check if any rule has source and destination zones set to “any”
  • Check all anti-spyware profiles have DNS sinkholing enabled
  • Ensure GlobalProtect update recurrence is set to hourly
  • Ensure Apps and Threats are rightly configured for content updates

Why Indeni matters?

Following vendor-recommended best practices can avoid outages, but you may not always have the time or experience to ensure best practices are followed.

With our continuous stream of knowledge contributed by industry experts around the globe, we frequently add best practices to keep you out of trouble.