Manage Historical Device Telemetry
For PAN-OS 10.0, support for prior telemetry data collection is reduced.
Device Telemetry changed significantly for the PAN-OS 11.0 release. Prior to 10.0, telemetry
data was mostly of interest for threat intelligence purposes. As of 10.0, threat
intelligence metrics are still a large portion the data collected by the device, but a great
deal more data involving the health, performance, and configuration of the device is
collected as well.
In other words, PAN-OS 11.0 device telemetry extends the data that was collected for previous
releases. PAN-OS 11.0 also sends telemetry data to a different cloud location than
did prior releases. But the historical telemetry support still exists for next-generation
firewalls running PAN-OS 10.0. The only difference is that the 11.0 device telemetry
user interface is not capable of managing this historical data collection.
If you have an existing next-generation firewall, and you have any of the historical
telemetry data categories enabled, then when you upgrade to PAN-OS 11.0 your firewall will
continue to collect and share this information. If you want to turn this telemetry data
sharing off, use the following CLI commands:
set deviceconfig system update-schedule statistics-service application-reports no
set deviceconfig system update-schedule statistics-service threat-prevention-reports no
set deviceconfig system update-schedule statistics-service threat-prevention-information no
set deviceconfig system update-schedule statistics-service threat-prevention-pcap no
set deviceconfig system update-schedule statistics-service passive-dns-monitoring no
set deviceconfig system update-schedule statistics-service url-reports no
set deviceconfig system update-schedule statistics-service health-performance-reports no
set deviceconfig system update-schedule statistics-service file-identification-reports no
If you have a 11.0 firewall and this telemetry sharing is turned off, but you want to share
this data with Palo Alto Networks, then you can turn it on using:
set deviceconfig system update-schedule statistics-service application-reports yes
set deviceconfig system update-schedule statistics-service threat-prevention-reports yes
set deviceconfig system update-schedule statistics-service threat-prevention-information yes
set deviceconfig system update-schedule statistics-service threat-prevention-pcap yes
set deviceconfig system update-schedule statistics-service passive-dns-monitoring yes
set deviceconfig system update-schedule statistics-service url-reports yes
set deviceconfig system update-schedule statistics-service health-performance-reports yes
set deviceconfig system update-schedule statistics-service file-identification-reports yes
You can see whether your device is collecting and sharing this historical telemetry
data using the following CLI command:
show deviceconfig system update-schedule statistics-service
