Cloud NGFW for AWS
    : Cloud NGFW for AWS Rule Usage
    Focus
    Download PDF
    Focus
    1. Home
    2. AWS
    3. Cloud NGFW for AWS
    4. Cloud NGFW for AWS Rulestacks and Rules
    5. Cloud NGFW for AWS Rule Usage
    Download PDF

    Cloud NGFW for AWS

    Cloud NGFW for AWS Rule Usage

    Table of Contents

    Cloud NGFW for AWS Rule Usage

    Use Panorama to manage rules on your Cloud NGFW resource to track and monitor rule usage for operations and troubleshooting tasks. On your Panorama console, you can view the rule usage at cloud device group to determine if all, some, or none of the Cloud NGFW resources have traffic matches.
    On Panorama, you can view the rule usage details for managed firewalls that have policy rule hit count enabled (default), and for which you have defined and pushed policy rules using device groups. Panorama cannot retrieve rule usage details for policy rules configured locally on the firewall so you must log in to the firewall to view rule usage information for locally configured rules. For more information, see Monitor Policy Rule Usage.

    Rule Usage - Rule Hit and Policy Optimizer

    System Requirements

    The following are the minimum system requirements to monitor your security policy rule usage:
    • Panorama (PAN-OS) version 10.2.8 and above
    • AWS Plugin version 5.2.0 and above
    • Cloud Services Plugin version 5.0.0 and above
    • Cloud Connector Plugin version 2.0.1 and above

    View the Rule Hit Count for a Cloud Device Group

    In the Panorama console, after you associate a cloud device group to a Cloud NGFW resource and configure policies for the cloud device group, perform the following steps to view the rule hit count for a cloud device group in Panorama:
    The NGFW firewall resources report your rulehit data for every 2 minutes to the Cloud NGFW service, and then the cloud NGFW service will have a latency of maximum 2 minute to poll data from firewall resources. This will create a maximum of 4 minute latency in rule hit count data display on the Panorama console.
    1. Select Policies.
    2. In the Device Group section, use the drop-down to select the Cloud Device Group.
    3. Select a Rule, and click Rule Usage.
      You can monitor the rule usage status of your Pre, Post, and Default rules of Security, Decryption, and Application-override policy types.
      You can now see the Hit Count of the selected rule.
      In the Panorama console, the rule hit count gets refreshed for every 4-minute interval, by default.
      Click Reset Rule Hit Counter to refresh the hit count of the selected rule.
      Click PDF/CSV to export the Rule usage details of a selected rule as a CSV or PDF file.

    Rule Usage - App Seen and Policy Optimizer

    You can view all your applications seen and allowed on the firewall that match with your security policy rule. The number in Apps Seen column indicates how many applications were seen on the rule.
    • In the Panorama console, go to the Policies tab.
    • In the Device Group section, use the drop-down to select the Cloud Device Group.
    • Select a Rule, and click Apps seen.
      You can now see the applications configured and displayed on your security policy rule.
    For more information on Apps on Rule, Apps seen, and App seen actions, see Applications and Usage.
    In the Policy Optimizer section, you can also view the rule hit count for all your configured cloud device groups on Panorama. Policy Optimizer provides a simple workflow to migrate your legacy Security policy rulebase to an App-ID based rulebase, which improves your security by reducing the attack surface and gaining visibility into applications so you can safely enable them. For more information, see Security Policy Rule Optimization and Applications and Usage.

    © 2024 Palo Alto Networks, Inc. All rights reserved.