Learn about metrics you can use to monitor your network firewall.

You can monitor the health, capacity, and performance of your Network firewalls by using metrics, alarms, and notifications.

This topic describes the metrics emitted by the metric namespace oci_network_firewall.

Overview of the Network Firewall Service Metrics

Oracle Cloud Infrastructure Network Firewall is a next-generation managed network firewall and intrusion detection and prevention service for your VCN, powered by Palo Alto Networks. The Network Firewall service metrics help you measure various levels of traffic encountering your firewall rules. For more information, see Overview of Network Firewall.


IAM To monitor resources, you must be given the required type of access in a policy  written by an administrator, whether you're using the Console or the REST API with an SDK, CLI, or other tool. The policy must give you access to the monitoring services as well as the resources being monitored. If you try to perform an action and get a message that you don’t have permission or are unauthorized, confirm with your administrator the type of access you've been granted and which compartment  you should work in. For more information on user authorizations for monitoring, see the Authentication and Authorization section for the related service: Monitoring or Notifications.

Available Metrics: oci_network_firewall

The metrics listed in the following table are automatically available for any firewalls you create. You do not need to enable monitoring on the resource to get these metrics. However, you must have the firewall properly set up with network traffic passing through it to make the oci_network_firewall metric space available in the Metrics Explorer feature. Firewalls with no network traffic emit no metric data.

Each metric includes one or more of the following dimensions 

The OCID  of the firewall.
The name of the firewall.
Metric Metric Display Name Unit Description Dimensions
SecurityRuleHitCount Security Rule Hits count The number of times a connection matches a security rule.



Decrryption RuleHitCount Decryption Rule Hits count The number of times a connection matches a decryption rule.
PacketSentCount Packets Sent count The number of packets sent from the firewall to the network, after drops.
PacketReceivedCount Packets Received count The number of packets received at the firewall from the network, after drops.

Using the Console

To view metric charts for a firewall
  1. Open the navigation menu and click Identity and Security. Under Firewalls, click Network Firewalls.
  2. Click the firewall to view its details.
  3. Under Resources, click Metrics.