Version 2

    It is my pleasure to announce the release of NPM v12.5 RC1.  To download the Release Candidate, log in to the customer portal and navigate to the NPM downloads section. A few important notes:

    • RC builds are made available to existing customers prior to the formal release ("GA"). These are used to get customer feedback in production environments.
    • RC versions can be upgraded to later releases and are fully supported in production environments.

    With that out of the way, let's jump into the contents of this release!

     

    Network Insight for Palo Alto

    The moment we released Network Insight for Cisco ASAs, we started getting requests for Network Insight for Palo Alto.  It quickly became the #1 most requested Network Insight, which made it an easy pick to build.  Thanks for voting!

     

    When we build a Network Insight, we always start with the question: what services does this device provide to the network and how can we best measure their health and performance?   Palo Alto firewalls provide 3 primary services in a network:

    1. Firewall policies that permit safe traffic and deny unsafe traffic
    2. Site to Site VPN tunnels
    3. GlobalProtect Client VPN

     

    Adding a Palo Alto Firewall

    Simply go through Add Node Wizard as usual and check this box:

     

     

    Supply your credentials and we will use the Palo Alto API in addition to SNMP to gather all the data we need.  That's it!  The advanced Network Insight pollers will be assigned and proper views applied.  Navigate to Node Details for the node, and hover over the left hand side to open the sub-view list and confirm Network Insight for Palo Alto is detecting the firewall's services:

     

     

    Firewall Policies

    Palo Alto firewalls use policies to control whether traffic is permitted or denied.  Policies are best retrieved from the config, so NCM is the right tool to retrieve and analyze them.  Check out the details here.

     

    Site to Site VPN Tunnels

     

    Tired of setting up an ICMP node and trying to use it to know when your tunnels go down?  Boy do we have an update for you!

     

    Network Insight will automatically discover and monitor all site to site VPN tunnels.  All tunnels will be identified by the peer IP.  Tunnel status and time in that status is displayed.  You get two different sets of data depending on whether the tunnel is up or down.

     

     

    Tunnels that are up will display the encryption and hashing algorithms that are protecting your data.  Also, bandwidth.  Bandwidth usage on VPN tunnels are can be hard to get because the traffic is encrypted.  It's particularly frustrating because VPN tunnels usually go across your WAN connections.  These connections are very expensive and bandwidth constrained.

     

    When a VPN tunnel is down, the first step in troubleshooting is to figure out if negotiation failed in phase 1 or phase 2.  Network Insight for Palo Alto does this automatically, and provides the log message stating which phase failed next to the down status text.  This should help speed up your troubleshooting.

     

    Tunnels can be selected and added to PerfStack for easy correlation against all the other metrics Orion has about your IT stack:

     

    Of course you can alert and report on VPN tunnels like you can on most other entities in Orion.  Find out which tunnels go down most frequently, what their uptime is, or get notified when a business critical tunnel goes down.

     

    GlobalProtect Client VPN

     

    Ever have your boss ask you why an executive's VPN service on his laptop isn't working?  It's awful.  Visibility into client VPN has historically been pretty terrible.  Network Insight for Palo Alto captures all GlobalProtect client connections.  You can use the search to see all the sessions from a specific user.  Comparing that user's session health vs others connected around the same time can give you a quick indication of if the problem is with the VPN service overall, or just the user and their laptop.

     

     

    Orion Platform Improvements

     

    The Orion Platform has also received a number of large enhancements.  Users of any of the tools built on top of the Orion Platform, including NPM, will benefit from them.  More info can be found here:

    Orion Platform 2019.2 - Install/Upgrade Improvements Part 1

    Orion Platform 2019.2 - Enhanced Node Status

    Orion Platform 2019.2 - Additional Improvements

    Orion Platform 2019.2 - Orion Maps 2.0! 

     

    What now?

     

    Customers on active maintenance can download this new release candidate in the downloads section of the Customer Portal.  There you will also find release notes, system requirements, and all the other docs you need to perform a successful upgrade.

     

    Many of you have more than one network monitoring tool from SolarWinds, and we've released updates to most of them today.  Check out their respective forums for the new goodies:

     

     

    If there is anything you think that we should consider in a future release please be sure to go create new feature request to let me know about the additional functionality you would like to see!