Packet drop counters increasing for Palo Alto Networks

Vendor

Palo Alto Networks

Description

Indeni will track packet drop counters and alert if any important counters are incrementing.

Remediation Steps

Contact your technical support provider.

How does this work?

This script uses the Palo Alto Networks API to retrieve the global drop counters, which is the equivelant of running "show counter global filter severity drop" on the CLI.

Why is this important?

Tracking packet drop counters on a Palo Alto Networks firewalls can be crucial to identifying potential issues before they cause a wider impact. Generally, when the firewall drops packets it logs the reason for the drop. Sometimes the drop is legitimate, but sometimes it is due to a configuration or setup issue. In the latter case, it is important to know the packets are being dropped before users complain regarding service issues.

Without Indeni how would you find this?

An administrator can poll the firewall for the various packet drop counters. The challenge, many times, is making sense of which counters are interesting and what each of them means.

View Source Code
single