Monitor SD-WAN for Prisma orchestrators with Hybrid Cloud Observability

Starting with SolarWinds Hybrid Cloud Observability 2024.1 or NPM 2024.1, you can enable SD-WAN monitoring on your Prisma (formerly CloudGenix) orchestrators.

For monitored Prisma nodes, you can see orchestrator information. You can use alerts and reports relevant for SD-WAN monitoring.

Monitor SD-WAN edge devices

Add edge devices managed by a monitored Prisma orchestrator to get further details via Prisma API.

• You can display general details, such as edge device name, model, serial number, status, or type.

• You can display all IP addresses for a specific Prisma SD-WAN device and properly match IPs received in NetFlow data to the node.

• You can monitor uplinks (WAN interfaces).

• You can monitor VPN tunnels - the list of tunnels and their status. No further statistics are monitored for tunnels.

  VPN tunnel names are created as follows:

  {Source Interface Name} → {Peer SysName}:{Peer Interface Name}

Monitor Prisma orchestrators

• You can display status and response time, polled via REST (Prisma API).

• You can display the list of all devices managed by an orchestrator and add them in a simplified discovery as SNMP or API-only nodes.

Prisma SD-WAN setup and monitoring steps

Review the requirements for Prisma devices

Supported edge devices must have one of the following SNMP SysObjectID: 1.3.6.1.4.1.50114.11.1.10 or 1.3.6.1.4.1.50114.11.1.11

For Prisma devices, the following SD-WAN metrics are monitored:

• Orchestrator Inventory and Status
• General Edge device Info
• Edge device uplinks (WAN interfaces)
• VPN tunnels

Additional metrics for API-only nodes

• Details ​
• Status

SNMP-polled metrics for SNMP nodes

• Details
• ICMP and SNMP status and response time​
• SNMP uptime​

SNMP-polled metrics for interfaces of SNMP nodes

• Details
• Status / Availability
• Errors & Discards
• Traffic
• Percent Utilization (regular and real time)​

See SNMP or API-based monitoring for Prisma SD-WAN devices for more details.

Rate limits

A Prisma Orchestrator is limited to 2,000 requests/minute. By default, Hybrid Cloud Observability is limited to 20 requests/second. For details, see Prisma API polling limit was exceeded.

Add new SD-WAN devices for monitoring in Hybrid Cloud Observability

To monitor SD-WAN, add the Prisma orchestrator as a node, and then add edge devices.

Each monitored Prisma orchestrator uses a node license.

Add Prisma orchestrator

1. Log in to the SolarWinds Platform Web Console as an administrator.

2. Click Settings > Manage Nodes, and then click Add a Node.

3. In Polling Method, select Orchestrators: API.

4. Under Orchestrators, select Prisma Devices.

5. Type your Prisma credentials into Client ID, Client Secret, and TSG ID fields and test the credentials.

   These details are generated when you create a service account for your Prisma tenant. See Add a Service Account... in PaloAlto documentation.

6. Review and adjust the device properties.

   1. Review your credentials and proxy settings.

   2. To edit how often the node status, or monitored statistics are updated, change the values in the Polling area.

      

      For critical nodes, you may need to poll status information or collect statistics more frequently than the default polling intervals.
      

   3. Enter values for custom properties for the node.

      The Custom Properties area is empty if you have not defined any custom properties for monitored nodes. See "Add custom properties to nodes" in the SolarWinds Platform Administrator Guide.

   4. To adjust when the status of the node changes to Warning or Critical, edit alerting thresholds for the metric. Select the Override box and set thresholds for the node.

      

7. Click OK, Add Node.

The Prisma orchestrator is now monitored as an SD-WAN orchestrator. Add connected Prisma devices to complete the SD-WAN configuration.

Add Prisma devices connected to the orchestrator as SNMP nodes

When you have added the orchestrator for monitoring, you need to add edge devices you want to monitor.

1. In SolarWinds Platform Web Console, click Settings > Manage Nodes.

2. On the Manage Nodes view, click the added orchestrator node.

3. On the SD-WAN Orchestrator Details view, click Discover Prisma Devices in the Management widget.

4. Select that you want to monitor Prisma devices as SNMP nodes and click Continue. Network Sonar Wizard will be launched automatically.

5. In Network Sonar Discovery, review the hostnames and IP addresses received from the orchestrator. Include only the devices you want to monitor and click Next.

   

6. On SNMP, make sure SNMP credentials for the devices are listed and click Next. If appropriate credentials are not listed, click Add New Credential, and define a new set.

7. Complete the wizard by clicking Discover on the last tab. The wizard searches your network for the hostnames/IP addresses.

8. Discovered devices are listed in the Network Sonar Results wizard. Complete the wizard to add the devices for monitoring.

When you finish the wizard, go to the SD-WAN Orchestrator Details page (Settings > Manage Nodes > click the orchestrator node). After the next poll, the page will display data not only for the orchestrator, but also for monitored edge devices.

Add Prisma devices connected to the orchestrator as API-only nodes

When you have added the orchestrator for monitoring, you need to add edge devices you want to monitor.

1. In SolarWinds Platform Web Console, click Settings > Manage Nodes.

2. On the Manage Nodes view, click the added orchestrator node.

3. On the SD-WAN Orchestrator Details view, click Discover Prisma Devices in the Management widget.

4. Select that you want to monitor Prisma devices as API-only nodes and click Continue. Network Sonar Wizard will be launched automatically.

5. Complete the wizard by clicking Discover on the last tab. The wizard discovers the devices based on Prisma API

6. Discovered devices are listed in the Network Sonar Results wizard. Complete the wizard to add devices for monitoring.

When you finish the wizard, go to the SD-WAN Orchestrator Details page (Settings > Manage Nodes > click the orchestrator node). After the next poll, the page will display data not only for the orchestrator, but also for monitored edge devices.

Configure SD-WAN monitoring on edge devices already monitored with SolarWinds Platform

If you monitored SD-WAN edge devices in a previous version using SNMP and upgraded to Hybrid Cloud Observability, add the Prisma orchestrator to automatically pair them with the orchestrator.

Monitor SD-WAN for Prisma devices

When you enable SD-WAN polling for a Prisma orchestrator node and click it, the SD-WAN Orchestrator Summary page opens.

By default, it includes widgets you can use to manage the device, view the device details, active alerts, latest events, or AppStack for the device.

Edge Devices

This widget lists device names, IP addresses, models, serial numbers and network IDs of edge devices paired with the orchestrator.

Orchestrator Inventory

This widget displays a list of Prisma devices connected to managed orchestrators. Devices managed by Hybrid Cloud Observability are marked in the Managed by Platform column.

To add unmanaged devices, click the Discover Prisma Devices button and add them for monitoring.

SD-WAN Map

This widget is available on Orchestrator views. It displays connections between monitored devices on the network. For directly connected devices, you can also see used interfaces.

VPN Connections

On SD-WAN Orchestrator views, this widget displays VPN tunnels for all edges paired with the orchestrator.

On an edge Node Details view, the widget displays VPN tunnels for the edge.

This widget is not displayed by default. See Add widgets to SolarWinds Platform views.

VPN Tunnels

On SD-WAN Orchestrator views, this widget displays VPN tunnels and their metrics for all edges paired with the orchestrator.

On an edge Node Details view, the widget displays VPN tunnels and their metrics for the edge.

WAN UpLinks