vRealize Network Insight supports Palo Alto Panorama 8.0.

The Palo Alto Network features that are supported by vRealize Network Insight are as follows:

  • Interrelation of Palo Alto and NSX entities: The VM membership of each Palo Alto Networks address and address group is computed from the IP address to VM mapping. This membership information can be queried as follows:

    • VM where Address = <>

    • Palo Alto address where vm = <>

    • VM where Address Group = <>

    • Palo Alto address group where vm = <>

  • Query: You can perform a query for all the Palo Alto entities that are supported by vRealize Network Insight. All the entities are prefixed by Palo Alto. Some of the queries are as follows:

    Table 1.

    | Entities | Queries |
    |---|---|
    | Palo Alto Address | Palo Alto address where vm = <> |
    | | VM where Address = <> |
    | Palo Alto Address Group | Palo Alto address group where Translated VMs = <> |
    | | VM where address group = <> |
    | Palo Alto Device | Palo Alto Device where Version = <> |
    | | Palo Alto Device where connected = true |
    | | Palo Alto Device where family = 'PA-5060' |
    | Palo Alto Physical Device | Palo Alto Physical Device where model = 'PA-5060' |
    | Palo Alto VM Device | Palo Alto VM Device where model = 'PA-VM' |
    | Palo Alto Device Group | Palo Alto Device Group where device = <> |
    | | Palo Alto Device Group where address = <> |
    | | Palo Alto Device Group where address group = <> |
    | Palo Alto Service | Palo Alto service where Port = <> |
    | | Palo Alto service where Protocol = <> |
    | Palo Alto Service Group | Palo Alto service group where Member = <> |
    | Palo Alto Policy | Palo Alto Policy where Source vm = <> and Destination vm = <> |
    | | Palo Alto Policy where Source IP = <> and Destination IP = <> |
    | Palo Alto firewall | Palo Alto firewall where Rule = <> |
    | Palo Alto Zone | Palo Alto Zone where device = <> |
    | Palo Alto Virtual System | Palo Alto Virtual System where Device = <> |
    | | Palo Alto Virtual System where Device Group = <> |

    Note:

    Other than the queries, you can also use facets to analyze the search results.

  • VM to VM Path: As a part of the VM-VM topology, vRealize Network Insight displays the Palo Alto VM Series firewall on the host. The applicable rules are displayed when you click the firewall icon. If a Palo Alto Networks firewall device (routing device) is also present in the path, that device is displayed as well. When you click the device icon, you can see basic information such as the routing table, the interfaces, and a table containing the applied firewall rules.

  • You can view some system events related to the following scenarios for Palo Alto Networks:

    • Palo Alto device not connected to Panorama (manager)

    • NSX Manager not registered with Panorama

    • NSX fabric agent not found on the ESX for Palo Alto device

    • Palo Alto device not found on Panorama for NSX fabric agent

    • Out of sync security group membership data
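
The membership computation described in the first bullet (address and address group to VM, via the IP address to VM mapping) can be checked independently against an exported inventory. The following Python sketch is an added example, not vRealize Network Insight or Panorama code; all object names, IP addresses, and function names are constructed, and it assumes only `ip-netmask` and `ip-range` address objects and static, possibly nested, address groups.

```python
import ipaddress

# Constructed sample data (not from the product): address objects,
# static address groups (may nest), and a VM-to-IP inventory.
ADDRESSES = {
    "web-net": ("ip-netmask", "10.1.1.0/24"),
    "db-range": ("ip-range", "10.1.2.10-10.1.2.20"),
    "jump-host": ("ip-netmask", "10.1.3.5"),
}
GROUPS = {
    "app-tier": ["web-net", "db-range"],
    "all-servers": ["app-tier", "jump-host"],
}
VM_IPS = {
    "web-01": ["10.1.1.15"],
    "db-01": ["10.1.2.12", "192.168.50.4"],
    "db-02": ["10.1.2.30"],
    "jump-01": ["10.1.3.5"],
}

def address_contains(kind, value, ip):
    """Return True if the address object (kind, value) covers the IP."""
    ip = ipaddress.ip_address(ip)
    if kind == "ip-netmask":
        return ip in ipaddress.ip_network(value, strict=False)
    if kind == "ip-range":
        low, high = (ipaddress.ip_address(p) for p in value.split("-"))
        return low <= ip <= high
    return False  # other types (e.g. FQDN) need resolution; not handled here

def vms_for_address(name):
    """Equivalent of the query: VM where Address = <name>."""
    kind, value = ADDRESSES[name]
    return {vm for vm, ips in VM_IPS.items()
            if any(address_contains(kind, value, ip) for ip in ips)}

def vms_for_group(name, seen=None):
    """Equivalent of the query: VM where Address Group = <name>."""
    seen = set() if seen is None else seen
    if name in seen:  # guard against cyclic group nesting
        return set()
    seen.add(name)
    vms = set()
    for member in GROUPS[name]:
        vms |= vms_for_group(member, seen) if member in GROUPS else vms_for_address(member)
    return vms

def addresses_for_vm(vm):
    """Equivalent of the query: Palo Alto address where vm = <vm>."""
    return {a for a in ADDRESSES if vm in vms_for_address(a)}
```

A VM for which `addresses_for_vm` returns an empty set (here `db-02`) is not covered by any address object, so no address-based rule applies to it by membership.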

A sample Palo Alto Manager dashboard is shown as follows: