Focus

Next-Generation Firewall

Alerts Raised by Leveraging Machine Learning

Table of Contents

Filter

Expand All | Collapse All

Next-Generation Firewall Docs

Getting Started
Administration
Networking
Quick Start
Reference
Incidents & Alerts
Release Notes
Select a Document
- PAN-OS 12.1
- PAN-OS 11.2
- PAN-OS 11.1
- PAN-OS 11.0 (EoL)
- PAN-OS 10.2
- PAN-OS 10.1 (EoL)
- PAN-OS 10.0 (EoL)
- PAN-OS 9.1 (EoL)
- PAN-OS 9.0 (EoL)
- PAN-OS 8.1 (EoL)
Help
Select a Document
- PAN-OS 12.1
- PAN-OS 11.2
- PAN-OS 11.1
- PAN-OS 10.2
- PAN-OS 10.1

Service Alerts

NGFW Incidents Reference

Alerts Raised by Leveraging Machine Learning

Displays the alerts that AIOps for NGFW can raise by leveraging machine learning.

The following table identifies the alerts that AIOps for NGFW can raise by leveraging machine learning.

Alert	Description
Adverse Encrypted Traffic Resource Usage (Premium alert)	Encrypted traffic resources are running low. `Class`: Health `Category`: Resource usage `In-App Support Ticket`: No `Detection Type`: Anomaly
Adverse Resource Usage (Premium alert)	The firewall has anomalous values for connections per second (CPS), throughput, or number of sessions. `Class`: Health `Category`: Resource usage `In-App Support Ticket`: No `Detection Type`: Anomaly
Approaching Max Configuration Limits (Premium alert)	Firewall objects such as rules, groups, and security profiles are nearing device limits. `Class`: Health `Category`: Config Limits `In-App Support Ticket`: No `Detection Type`: Anomaly
High Processing Activity (Free alert)	One or more computing resources are running low on the device. `Class`: Health `Category`: Resource usage `In-App Support Ticket`: No
Increased Traffic Latency - Packet Buffer (Premium alert)	Packet Buffer resources are running low on the device. `Class`: Health `Category`: Resource usage `In-App Support Ticket`: Yes `Detection Type`: Anomaly
Increased Traffic Latency - Packet Descriptor (Premium alert)	Packet Descriptor resources are running low on the device. `Class`: Health `Category`: Resource usage `In-App Support Ticket`: Yes `Detection Type`: Anomaly
Traffic Latency - Packet Descriptors (on-chip) (Premium alert)	Packet Descriptor (on-chip) resources are running low on the device. `Class`: Health `Category`: Flood/DoS `In-App Support Ticket`: No `Detection Type`: Anomaly
Approaching Max Capacity - ARP Table (Premium alert)	Data forecasting analysis shows that the ARP Table entries are on track to reach the firewall's maximum capacity soon. `Class`: Health `Category`: Capacity `In-App Support Ticket`: No
Approaching Max Capacity - Address Groups (Premium alert)	The number of address group objects has been consistently high and is approaching the maximum capacity the firewall can support. `Class`: Health `Category`: Capacity `In-App Support Ticket`: No
Approaching Max Capacity - Address Objects (Premium alert)	The number of address objects has been consistently high and is approaching the maximum capacity the firewall can support. `Class`: Health `Category`: Capacity `In-App Support Ticket`: No
Approaching Max Capacity - Dataplane CPU (Premium alert)	The data plane (DP) CPU usage has been consistently high over time and is approaching the maximum capacity that the device can support. `Class`: Health `Category`: Capacity `In-App Support Ticket`: No
Approaching Max Capacity - Decryption usage (Premium alert)	Data forecasting analysis shows that SSL decryption sessions are on track to reach the firewall's maximum capacity soon. `Class`: Health `Category`: Capacity `In-App Support Ticket`: No
Approaching Max Capacity - FQDN Addresses (Premium alert)	The number of FQDN address objects has been consistently high and is approaching the maximum capacity the firewall can support. `Class`: Health `Category`: Capacity `In-App Support Ticket`: No
Approaching Max Capacity - GlobalProtect Tunnels (Clientless) (Premium alert)	The number of clientless GlobalProtect VPN Tunnels is approaching the maximum capacity the firewall can support. `Class`: Health `Category`: Capacity `In-App Support Ticket`: No
Approaching Max Capacity - IKE Peers (Premium alert)	The number of IKE peers has been consistently high and is approaching the maximum capacity the firewall can support. `Class`: Health `Category`: Capacity `In-App Support Ticket`: No
Approaching Max Capacity - Management Plane CPU (Premium alert)	The management plane (MP) CPU usage has been consistently high and is approaching the maximum capacity the device can support. `Class`: Health `Category`: Capacity `In-App Support Ticket`: No
Approaching Max Capacity - Management Plane Memory (Premium alert)	The management plane (MP) Memory usage has been consistently high and is approaching the maximum capacity the device can support. `Class`: Health `Category`: Capacity `In-App Support Ticket`: No
Approaching Max Capacity - NAT Policies (Premium alert)	The number of NAT policy rules has been consistently high over time and is approaching the maximum capacity that the firewall can support. `Class`: Health `Category`: Capacity `In-App Support Ticket`: No
Approaching Max Capacity - Security Policies (Premium alert)	The number of security policy rules has been consistently high and is approaching the maximum capacity the firewall can support. `Class`: Health `Category`: Capacity `In-App Support Ticket`: No
Approaching Max Capacity - Service Groups (Premium alert)	The number of service group objects has been consistently high and is approaching the maximum capacity the firewall can support. `Class`: Health `Category`: Capacity `In-App Support Ticket`: No
Approaching Max Capacity - Service Objects (Premium alert)	The number of service objects has been consistently high and is approaching the maximum capacity the firewall can support. `Class`: Health `Category`: Capacity `In-App Support Ticket`: No
Approaching Max Capacity - Session Table Utilization (Premium alert)	Usage of the Session Table (%) has been consistently high over time and is approaching the maximum capacity the firewall or VM license can support. `Class`: Health `Category`: Capacity `In-App Support Ticket`: No
Approaching Max Capacity - Virtual Systems (Premium alert)	Data forecasting analysis shows that the Virtual Systems configuration is on track to reach the maximum capacity supported by the firewall's license. `Class`: Health `Category`: Capacity `In-App Support Ticket`: No
Approaching Max Capacity - Site-to-Site VPN Tunnels (Premium alert)	The number of Site-to-Site VPN Tunnels, comprising of both IPsec Tunnels and Proxy IDs, has been consistently high and is approaching the maximum capacity the firewall can support. `Class`: Health `Category`: Capacity `In-App Support Ticket`: No
NGFW SD-WAN Application Performance Alert (Premium alert)	Indicates the list of applications that is impacted by poor link performance. `Class`: Health `Category`: SD-WAN Performance `In-App Support Ticket`: No `Detection Type`: Anomaly
NGFW SD-WAN Link Performance Alert (Premium alert)	Indicates what is causing degraded performance for your apps and services or links. `Class`: Health `Category`: SD-WAN Performance `In-App Support Ticket`: No `Detection Type`: Anomaly

Service Alerts

NGFW Incidents Reference

Next-Generation Firewall Docs

Alerts Raised by Leveraging Machine Learning

Next-Generation Firewall Docs

Alerts Raised by Leveraging Machine Learning

Activation and Onboarding

Next-Generation Firewalls

SASE

Cloud-Delivered Security Services

Network Security

Endpoints

Visibility & Monitoring

FedRAMP

Hardware Reference

Hardware Quick Start Guides

Virtual ION Deployment

3rd Party Integrations

Best Practices

Experts Corner