Application Visibility and Risk Report (AVR) Troubleshooting and Frequently Asked Questions

How can I alleviate my prospects privacy concerns? We are exporting the same information that is collected in the predefined application, threat, and URL reports and we then massage the data on the backend. We do not export any user information. Show the customer a sample of the AVR report. And if that is insufficient, follow these steps to show them the data we are using and alleviate the prospects privacy concerns. Generate the statsdump file Unzip the tar.gz file twice Open the reports folder Right click on the application report and open with excel (as a read only worksheet) How do I export the data from the Palo Alto Networks firewall? Run either one of these two CLI commands: tftp export stats-dump to [ip address] scp export stats-dump to [ip address] A tar.gz file that contains the necessary data for the report is automatically generated. The tar.gz file is all you need to get started with the AVR Report process. Be aware that stats dump file collect the last 7 days or less of data. So be sure to try and collect the data before the box is pulled from the network. If the box sits idle for more than 7 days, the stats dump file is blown away when you restart resulting in no data. The AVR Report file upload process fails, giving me an error what happened? The most common cause for this error is the files do not contain data. To check the file for data, unzip the file (twice), then right click on the application report and open it in excel as a read only worksheet. If there is no data in that file, then the cause of the error is determined. Why is there no data in the zip file? The most common reason for no data being in the file is because the box has been idle (out of the network, turned off) for more than 1 week. If the box sits for a week or more and is then restarted, the files are reset to zero. Can I recover the data if the box has sat idle, out of the prospects network? Yes, the data will be stored for up to 7 days after it has been removed from the network. If it sits for longer than a week the data is flushed when the box is started. Data can be recovered by resetting the system clock to a date within the scope of the collection period. Where should we put the Palo Alto Networks firewall to collect the data? The Palo Alto Networks firewall can be placed anywhere in the network but the location that is most interesting is typically a location that can see internet traffic. Does the Palo Alto Networks firewall need to be inline? No, the Palo Alto Networks firewall can be in tap mode to collect the necessary data. Why is the threat page and/or URL page missing or not viewable? The threat page is greyed out because there is no data in the threat or URL file. Why is there no data in the threat or URL file? If the threat or URL file has no data, it is most likely because the license was not installed or the profile was not configured properly. Double check the box and the configuration. If the license is there and the profile is there, then check with avr_feedback@paloaltonetworks.com. What are the random hash errors on the screen while the report is generated? These are meaningless errors that show up in PAN-OS release 3.0 or earlier. The errors can be ignored and the tar.gz file will still be generated. The errors have been fixed in PAN-OS release 3.01.

March 2009

Application Visibility and Risk Report (AVR) Troubleshooting and Frequently Asked Questions
Can we output the report in something other than a PDF? No, not at this time. The tools to automate this report generation dictate that PDF format is the only output option. Can I upload my company logo? Branding the AVR Report is available to select channel partners. Please check with your sales rep for eligibility requirements. Can I add my own pages or remove some of the existing pages? No, not at this time. If you have a complete copy of Adobe Acrobat (not just Acrobat Reader), you can use it to add and remove pages within the PDF document. Open the document in Acrobat, use the pages view to add and remove pages from another PDF document. Note that this will disrupt the page numbering in the AVR Report. Which PAN-OS releases are supported? All releases are supported, however there was an issue with PAN-OS release 2.1 where URL data was not pulled form the box when BrightClouad was used. The characteristics are that the file is tar.gz generated but there is no URL data in the file (and no URL page in the report). This has been fixed in the PAN-OS 2.1.3 release. How do I make feature requests? Please submit any feedback and feature requests to avr_feedback@paloaltonetworks.com.

March 2009