Setting up external monitoring on the Free…
Setup a free account on uptimerobot.com
This gives you up to 50 resources to monitor, but notifies only 1 email address, no one said it couldnt be a distribution list ¯\_(ツ)_/¯.
You can pay a small fee for additional users etc. But pay if you can its inexpensive
Setup a Palo Alto, they have steps if you use other types
- https://uptimerobot.com/help/locations/#:~:text=Tips%20for%20adding%20our%20monitoring%20IPs%20to%20your%20firewall.
- WARNING: Make sure to use applications for your security policies
- PROTECT your management interface!
- Setup an External Dynamic List
- Objects -> External Dynamic Lists -> Add
- Enter the info for their external IP list https://uptimerobot.com/inc/files/ips/IPv4.txt
- Test the source URL to ensure the PAN has access
- Create your security policies
- Make sure its above your DENY Inbound Connections policy!
- If you dont have one I highly recommend it only if you are not hosting any internal applications required by outside users (ie websites, email, etc).
- Make sure its above your DENY Inbound Connections policy!
- Make sure you have a Interface Management Policy
- If you already have one for external Management its still protected by your security policies (if not create one!).
- The security policy for this should only allow ping and icmp is by application.
- Make sure you have one for management access with a source IP selected of a static trusted IP address (another office, data center, etc.) for SSL (HTTPS) and SSH applications.
- Network -> Interface -> Management
- Allow only Ping
- If you allow others, its okay as long as you have it protected by source IP!
- If you already have one for external Management its still protected by your security policies (if not create one!).
- You dont need to put IP’s in here, your security policy is doing that protection for you.
- Setup your Ping monitor on your dashboard dashboard.uptimerobot.com
- Thats It! Add all your things!