Next-Generation Firewall
Alerts Raised by Leveraging Machine Learning
The following table identifies the alerts that AIOps for NGFW can raise
by leveraging machine learning.
Alert | Description |
---|---|
Adverse Encrypted Traffic Resource Usage (Premium alert) | Encrypted traffic resources are running low.<br>Class: Health<br>Category: Resource usage<br>In-App Support Ticket: No<br>Detection Type: Anomaly |
Adverse Resource Usage (Premium alert) | The firewall has anomalous values for connections per second (CPS), throughput, or number of sessions.<br>Class: Health<br>Category: Resource usage<br>In-App Support Ticket: No<br>Detection Type: Anomaly |
Approaching Max Configuration Limits (Premium alert) | Firewall objects such as rules, groups, and security profiles are nearing device limits.<br>Class: Health<br>Category: Config Limits<br>In-App Support Ticket: No<br>Detection Type: Anomaly |
High Processing Activity (Free alert) | One or more computing resources are running low on the device.<br>Class: Health<br>Category: Resource usage<br>In-App Support Ticket: No |
Increased Traffic Latency - Packet Buffer (Premium alert) | Packet Buffer resources are running low on the device.<br>Class: Health<br>Category: Resource usage<br>In-App Support Ticket: Yes<br>Detection Type: Anomaly |
Increased Traffic Latency - Packet Descriptor (Premium alert) | Packet Descriptor resources are running low on the device.<br>Class: Health<br>Category: Resource usage<br>In-App Support Ticket: Yes<br>Detection Type: Anomaly |
Traffic Latency - Packet Descriptors (on-chip) (Premium alert) | Packet Descriptor (on-chip) resources are running low on the device.<br>Class: Health<br>Category: Flood/DoS<br>In-App Support Ticket: No<br>Detection Type: Anomaly |
Approaching Max Capacity - ARP Table (Premium alert) | Data forecasting analysis shows that the ARP Table entries are on track to reach the firewall's maximum capacity soon.<br>Class: Health<br>Category: Capacity<br>In-App Support Ticket: No |
Approaching Max Capacity - Address Groups (Premium alert) | The number of address group objects has been consistently high and is approaching the maximum capacity the firewall can support.<br>Class: Health<br>Category: Capacity<br>In-App Support Ticket: No |
Approaching Max Capacity - Address Objects (Premium alert) | The number of address objects has been consistently high and is approaching the maximum capacity the firewall can support.<br>Class: Health<br>Category: Capacity<br>In-App Support Ticket: No |
Approaching Max Capacity - Dataplane CPU (Premium alert) | The data plane (DP) CPU usage has been consistently high over time and is approaching the maximum capacity that the device can support.<br>Class: Health<br>Category: Capacity<br>In-App Support Ticket: No |
Approaching Max Capacity - Decryption usage (Premium alert) | Data forecasting analysis shows that SSL decryption sessions are on track to reach the firewall's maximum capacity soon.<br>Class: Health<br>Category: Capacity<br>In-App Support Ticket: No |
Approaching Max Capacity - FQDN Addresses (Premium alert) | The number of FQDN address objects has been consistently high and is approaching the maximum capacity the firewall can support.<br>Class: Health<br>Category: Capacity<br>In-App Support Ticket: No |
Approaching Max Capacity - GlobalProtect Tunnels (Clientless) (Premium alert) | The number of clientless GlobalProtect VPN Tunnels is approaching the maximum capacity the firewall can support.<br>Class: Health<br>Category: Capacity<br>In-App Support Ticket: No |
Approaching Max Capacity - IKE Peers (Premium alert) | The number of IKE peers has been consistently high and is approaching the maximum capacity the firewall can support.<br>Class: Health<br>Category: Capacity<br>In-App Support Ticket: No |
Approaching Max Capacity - Management Plane CPU (Premium alert) | The management plane (MP) CPU usage has been consistently high and is approaching the maximum capacity the device can support.<br>Class: Health<br>Category: Capacity<br>In-App Support Ticket: No |
Approaching Max Capacity - Management Plane Memory (Premium alert) | The management plane (MP) memory usage has been consistently high and is approaching the maximum capacity the device can support.<br>Class: Health<br>Category: Capacity<br>In-App Support Ticket: No |
Approaching Max Capacity - NAT Policies (Premium alert) | The number of NAT policy rules has been consistently high over time and is approaching the maximum capacity that the firewall can support.<br>Class: Health<br>Category: Capacity<br>In-App Support Ticket: No |
Approaching Max Capacity - Security Policies (Premium alert) | The number of security policy rules has been consistently high and is approaching the maximum capacity the firewall can support.<br>Class: Health<br>Category: Capacity<br>In-App Support Ticket: No |
Approaching Max Capacity - Service Groups (Premium alert) | The number of service group objects has been consistently high and is approaching the maximum capacity the firewall can support.<br>Class: Health<br>Category: Capacity<br>In-App Support Ticket: No |
Approaching Max Capacity - Service Objects (Premium alert) | The number of service objects has been consistently high and is approaching the maximum capacity the firewall can support.<br>Class: Health<br>Category: Capacity<br>In-App Support Ticket: No |
Approaching Max Capacity - Session Table Utilization (Premium alert) | Usage of the Session Table (%) has been consistently high over time and is approaching the maximum capacity the firewall or VM license can support.<br>Class: Health<br>Category: Capacity<br>In-App Support Ticket: No |
Approaching Max Capacity - Virtual Systems (Premium alert) | Data forecasting analysis shows that the Virtual Systems configuration is on track to reach the maximum capacity supported by the firewall's license.<br>Class: Health<br>Category: Capacity<br>In-App Support Ticket: No |
Approaching Max Capacity - Site-to-Site VPN Tunnels (Premium alert) | The number of Site-to-Site VPN Tunnels, comprising both IPsec Tunnels and Proxy IDs, has been consistently high and is approaching the maximum capacity the firewall can support.<br>Class: Health<br>Category: Capacity<br>In-App Support Ticket: No |
NGFW SD-WAN Application Performance Alert (Premium alert) | Indicates the list of applications that are impacted by poor link performance.<br>Class: Health<br>Category: SD-WAN Performance<br>In-App Support Ticket: No<br>Detection Type: Anomaly |
NGFW SD-WAN Link Performance Alert (Premium alert) | Indicates what is causing degraded performance for your apps and services or links.<br>Class: Health<br>Category: SD-WAN Performance<br>In-App Support Ticket: No<br>Detection Type: Anomaly |