Indeni Complements Your Monitoring Solution for Palo Alto Networks Firewalls
Notice: This blog post was originally published on Indeni before its acquisition by BlueCat.
The content reflects the expertise and perspectives of the Indeni team at the time of writing. While some references may be outdated, the insights remain valuable. For the latest updates and solutions, explore the rest of our blog
Five Reasons why enterprises deploy Indeni with their existing monitoring solutions.
1. Automate High Availability readiness checks
Proactively automate tasks to ensure seamless failover in the event of primary firewall failure. Indeni understands how the active/active and active/passive configurations work. For example, we understand the role of the control link, data link and backup links. We will not issue notification in the events these links are down as they are working as intended if the firewall was a passive member of a cluster. At the same time, we constantly ensure the primary and standby firewalls are synchronized including the static routing table, network interface MTU size, OS version, NTP servers, Radius Servers, time-zone, connected networks and many more.
Why Indeni Matters?
Monitoring tools do not automate high availability readiness. Worse yet, monitoring tools lack the deep understanding of how HA works, they are typically very noisy and generate a lot of false positives.
For more information, read this blog post.
2. Remediation Steps
Indeni will go one step further by providing actionable remediation steps. For example, Indeni will notify you if you accidentally left the debug mode command enabled (something that a monitoring tool will not be able to detect), it will tell you how to disable debug and provide you information about every debug command and its purpose.
Why Indeni Matters?
Monitoring tools are good at notifying you when a problem occurs but they lack details about how to address the issues.
3. Automate Regulatory Compliance/Security Risks Reporting
Indeni will regularly check for security risks to help with your compliance efforts. Refer to this blog post for a list of regulatory compliance & security risk checks.
Why Indeni matters?
Without Indeni these tasks are time-consuming and can take away from the team’s primary tasks.
4. Advanced Health Checks
As you start to enable advanced features such as URL filtering, Wildfire and SSL decryption, you want to ensure that these functions are not impacting the operations of your firewalls.
Why Indeni matters?
These advanced features are typically not supported by SNMP monitoring tools. For more information, read this blog post.
5. Palo Alto recommended Best Practices
Indeni has many built-in operations best practices and we make them easily accessible. For example:
- Logs are being discarded
- High log DB usage
- Packet drop counter increasing
- User-Id Agent down
- URL cloud not connected
- Wildfire cloud not connected
- Authentication errors
- Ensure failed login attempts is set to a low value
- High neighbor discovery (ND) cache usage
- Check if any rule has source and destination zones set to “any”
- Check all anti-spyware profiles have DNS sinkholing enabled
- Ensure GlobalProtect update recurrence is set to hourly
- Ensure Apps and Threat are righty configured for content update
Why Indeni matters?
Following vendor recommended best practices can avoid outages but you may not always have the time or experience to ensure best practices are followed.
With our continuous stream of knowledge contributed by industry experts around the globe, we frequently add best practices to keep you out of trouble.
The article explains five reasons enterprise teams deploy Indeni alongside their existing monitoring tools to improve firewall operations and reduce operational risk. It describes how Indeni automates high-availability readiness checks, provides actionable remediation steps, automates regulatory compliance and security-risk reporting, performs advanced health checks for features like URL filtering and SSL decryption, and encodes Palo Alto recommended best practices to prevent outages. The outcome is fewer false positives, faster remediation, continuous compliance checks, better visibility into advanced features not covered by SNMP tools, and easier adherence to vendor best practices.
How does Indeni improve high-availability (HA) readiness compared to typical monitoring tools?
Indeni automates HA readiness checks by understanding HA modes (active/active and active/passive) and the roles of control, data, and backup links, avoiding noisy alerts when links are intentionally down for a passive member. It continuously verifies synchronization between primary and standby firewalls across configurations such as static routing tables, interface MTU sizes, OS versions, NTP and RADIUS servers, time-zone, and connected networks. Unlike typical monitoring tools that lack deep HA awareness and generate false positives, Indeni focuses on true readiness for seamless failover.
What kind of remediation assistance does Indeni provide when it detects a problem?
When Indeni detects issues, it supplies actionable remediation steps rather than only alerting on the condition. For example, if debug mode has been left enabled—something many monitoring tools cannot detect—Indeni will explain how to disable debug and provide details about each debug command and its purpose. This operational guidance helps teams quickly resolve issues by giving both the fix and contextual information about the commands involved, reducing time-to-remediation compared with notification-only tools.
How does Indeni help with compliance, advanced feature health, and vendor best practices?
Indeni automates regular security-risk checks to support regulatory compliance, reducing time-consuming manual tasks that can distract teams from primary responsibilities. It also performs advanced health checks for features like URL filtering, WildFire, and SSL decryption—functions typically not covered by SNMP-based monitoring—so you can ensure those capabilities don’t impact firewall operations. Additionally, Indeni includes numerous Palo Alto recommended operational best practices (for example, monitoring log DB usage, packet drops, User-ID agent status, WildFire and URL cloud connections, authentication errors, ND cache usage, and rule configurations), helping organizations follow vendor guidance to avoid outages.