Learn about metrics you can use to monitor your network firewall.
You can monitor the health, capacity, and performance of your Network firewalls by using metrics, alarms, and notifications.
This topic describes the metrics emitted by the metric namespace
Overview of the Network Firewall Service Metrics
Oracle Cloud Infrastructure Network Firewall is a next-generation managed network firewall and intrusion detection and prevention service for your VCN, powered by Palo Alto Networks. The Network Firewall service metrics help you measure various levels of traffic encountering your firewall rules. For more information, see Overview of Network Firewall.
IAM To monitor resources, you must be given the required type of access in a policy written by an administrator, whether you're using the Console or the REST API with an SDK, CLI, or other tool. The policy must give you access to the monitoring services as well as the resources being monitored. If you try to perform an action and get a message that you don’t have permission or are unauthorized, confirm with your administrator the type of access you've been granted and which compartment you should work in. For more information on user authorizations for monitoring, see the Authentication and Authorization section for the related service: Monitoring or Notifications.
Available Metrics: oci_network_firewall
The metrics listed in the following table are automatically available for any firewalls you
create. You do not need to enable monitoring on the resource to get these metrics. However,
you must have the firewall properly set up with network traffic passing through it to make the
oci_network_firewall metric space available in the Metrics Explorer
feature. Firewalls with no network traffic emit no metric data.
Each metric includes one or more of the following dimensions :
- The OCID of the firewall.
- The name of the firewall.
|Metric||Metric Display Name||Unit||Description||Dimensions|
||Security Rule Hits||count||The number of times a connection matches a security rule.||
||Decryption Rule Hits||count||The number of times a connection matches a decryption rule.|
||Packets Sent||count||The number of packets sent from the firewall to the network, after drops.|
||Packets Received||count||The number of packets received at the firewall from the network, after drops.|
Using the Console
- Click the firewall to view its details.
- Under Resources, click Metrics.