Device Telemetry Overview
Focus
Focus

Device Telemetry Overview

Table of Contents

Device Telemetry Overview

PAN-OS device telemetry is used to power telemetry apps that make it easier to monitor and manage firewalls.
Device telemetry collects data about your next-generation firewall or Panorama and shares it with Palo Alto Networks by uploading the data to Strata Logging Service. This data is used to power telemetry apps, which are cloud-based applications that make it easy to monitor and manage your next-generation firewalls and Panoramas. These apps improve your visibility into device health, performance, capacity planning, and configuration. Through these apps, you can maximize the benefits you enjoy from the products and services that Palo Alto Networks delivers.
Telemetry data is also used for sharing threat intelligence, providing enhanced intrusion prevention, evaluation of threat signatures, as well as improved malware detection within PAN-DB URL filtering, DNS-based command-and-control (C2) signatures, WildFire, and to further improve Palo Alto Networks products and services. Review the PAN-OS Privacy information data sheet for details about the data that Palo Alto Networks collects.
Palo Alto Networks automatically selects recommended settings when you configure telemetry. When you commit the settings, PAN-OS begins collecting and sending telemetry data. See Disable Device Telemetry to manually opt out of device telemetry collection.
Telemetry data is collected and stored locally on your device for a limited period of time. This data is shared with Palo Alto Networks only if you configure a destination region for the data. If your organization has a Strata Logging Service license, then you can only send the data to the same region as where your Strata Logging Service instance resides. If your organization does not have a Strata Logging Service license, then you must install a device certificate in order to share this data. In this case, you can choose any available region, although you must conform to all applicable local laws regarding privacy and data storage.
Telemetry data is collected and shared with Palo Alto Networks on predefined collection intervals starting from the time when the firewall is turned on. These predefined intervals are set by the PAN-OS analytics engine, however you can control whether data is collected and shared by enabling/disabling categories of data. You can also monitor the current status of data collection and transmission.
The size of each bundle of telemetry data depends on the features enabled on your firewall, the number of metrics collected, and the model of the firewall. PAN-OS collects metrics related to operational health and performance, such as CPU and memory, more frequently.
You can obtain a live sample of the data that your firewall is collecting for telemetry purposes. For a complete description of all the telemetry metrics that can be shared with Palo Alto Networks, including the privacy implication for each metric, see the PAN-OS Device Telemetry Metrics Reference Guide.
The automatically created user _cliuser may appear under Logged in Admins on the dashboard while telemetry is enabled. This user is created only for telemetry collection.