Palo Alto Networks Inc.

United States

Telemetry data includes: • Flow attributes, such as: » App-ID » Source and destination IP/port » Path taken » Flow initiation and completion time » Number of bytes transferred • Transactional application attributes: » Server and network metrics » Total number of successful and failed transactions (both initiation and data transfer failures) • Media application attributes: » Jitter, packet loss, MOS score • Link attributes: » Latency, jitter, packet loss Telemetry, including flow data, is sent to the controller from every ION device on a continual basis over a TLS connection. This data may be temporarily retained on the ION device up to three days in case of an interruption in the transfer of data to controller. Prisma SD-WAN Controller Logs Pipeline The ION devices send log data to the controller on a continuous basis. This data may be temporarily retained on the ION device for up to three days, depending on the size of logs generated, in case of an interruption in the transfer of data to the controller.

The log data remains on the device and is expunged by the system as logs are rotated. Upon service termination, customers can export their data through API-based access. At the customer’s request, data can be purged.

Prisma SD-WAN has two main components: Controller The controller is a cloud-based service that manages the ION devices, enables the user’s interaction with the system, and processes information from the ION device. ION Devices ION devices route packets based on policies (e.g., by sending select traffic through Prisma Access), and apply other services (e.g., firewalling). Information Processed by Prisma SD-WAN Prisma SD-WAN Controller Configuration Service The Prisma SD-WAN controller processes configuration information, policies, IP addresses of the ION devices, clients’ IP addresses, source and destination IP addresses, metadata of ION device activity, and information exported as statistics. The Prisma SD-WAN controller does not collect or store traffic information or VPN session keys. Customers provide configuration information either through the user interface or directly by consuming the APIs. This information is stored in the controller and used to enable product functions. Configuration data includes: • Policies • Site and device configurations • Role-based access control (RBAC) settings • Audit logs ION devices connected to the controller synchronise regularly with the controller through an encrypted TLS connection. The ION device keeps a copy of the configuration locally in a database on an encrypted volume. The controller has a full audit trail of modifications to network configuration. Prisma SD-WAN ION Device The ION device routes the traffic and applies security policies based on the policies. It also: • Determines the path for traffic routing • Determines if traffic has to be inspected • Sends the traffic to Prisma Access via a tunnel (based on policies) • Sends DNS requests and receives the responses • Can allow or deny identified traffic based on security policy The ION device looks exclusively at the metadata and does not decrypt end user traffic. The network administrator configures policies on the Prisma SD-WAN controller, which are sent to the ION device. ION devices collect telemetry data on the traffic flows traversing the devices to provide visibility to the customer. This data is stored in a database on the Prisma-SD-WAN controller and, through a service on the controller, provides a network-wide view of statistics, performance, and analytics through UI and APIs. Prisma SD-WAN Controller Flow Records and Telemetry Pipeline The controller processes incoming telemetry and flow records. After performing certain levels of aggregation, it stores the processed data in a database. This database holds approximately three months of telemetry and one week of flow records. This pipeline also stores the data in AWS® S3 for backup purposes. Prisma SD-WAN Controller Analytics/Reports Pipeline The controller extracts telemetry and flow records data in AWS S3 backup, processes and converts them into a format consumable by the customer, creates analyzed reports, and stores them in AWS S3 for data analytics purposes. Prisma SD-WAN Controller Reports Service The controller provides access to reports to network administrators through external APIs and the Prisma SD-WAN UI portal. Prisma SD-WAN Controller Authentication and AuditLog Service The controller provides authentication service to control access, using RBAC constraints, to all APIs and UI assets. This service uses a network administrator’s name and login credentials. Prisma SD-WAN Controller Database Backup The controller backs up primary databases to AWS S3 on a periodic basis. The data backed up includes databases used by the configuration service and authentication service as described previously.

no

yes

no

yes

support@paloaltonetworks.com

no

no

no

no