PANfm - Community Edition
A free, and open-source web dashboard for monitoring Palo Alto Networks firewalls with real-time metrics, automated upgrades, and encrypted multi-device management.
- System Resources: CPU (data plane + management), memory, session count
- Network Throughput: Per-device and per-interface traffic monitoring
- Interface Statistics: Errors, drops, traffic counters with transceiver details
- Connected Devices: ARP table with DHCP hostname enrichment and metadata (custom names, tags, locations)
- Application Traffic: Top applications by session count with category breakdown
- Multi-Device Support: Manage multiple firewalls from one dashboard
- Encrypted Credentials: All API keys and passwords encrypted at rest (Fernet AES-128)
- Authentication: Bcrypt password hashing with session management
- CSRF Protection: All mutating operations protected
- Rate Limiting: Prevent API abuse and firewall overload
- PAN-OS Upgrades: 5-step automated upgrade workflow (check β download β install β reboot β verify)
- Content Updates: Automated threat signature and application database updates
- Throughput Collection: 1-minute interval data collection with PostgreSQL/TimescaleDB storage
- Network Scanning: Nmap integration with change detection and scheduling
- TimescaleDB Storage: Optimized time-series database for metrics and logs
- Automatic Retention: Configurable data retention policies
- Backup & Restore: Full system backup including encryption keys and configurations
- Export Options: CSV and XML export for connected devices and scan results
- Responsive Design: Fully optimized for iPad and iPhone
- Touch-Friendly: Mobile-optimized controls and navigation
- On-the-Go Monitoring: Monitor your firewalls from anywhere
- Docker Compose: Production-ready multi-container setup (web, clock, Redis, TimescaleDB)
- CLI Deployment: Virtual environment installation for development
- CPU: 2+ cores recommended
- RAM: 4GB minimum, 8GB recommended
- Storage: 10GB minimum for databases
- Docker: Docker 20.10+ and Docker Compose 2.0+ (recommended)
- OR Python: Python 3.9+ with PostgreSQL 16 + TimescaleDB (CLI deployment)
- Palo Alto Networks: PAN-OS 9.0+ with API access
- API Key: Generated from firewall web interface
git clone https://github.com/csmblade/panfm-community.git
cd panfm-community# Linux/Mac
chmod +x setup.sh
./setup.sh
# Windows
setup.batThis creates required configuration files and directories:
settings.json- Application settingsdevices.json- Firewall device configurationsencryption.key- Fernet encryption key (keep secure!)auth.json- User authentication (default: admin/admin)data/,redis_data/,timescaledb_data/- Persistent storage
docker compose up -dFirst startup takes approximately 60 seconds while:
- TimescaleDB initializes the database
- Schema manager creates all required tables
- Redis session store starts
Open browser to: http://localhost:3000
Default credentials:
- Username:
admin - Password:
admin
π IMPORTANT: Change the default password immediately after first login!
# Check all containers are running
docker compose ps
# Check for any startup errors
docker logs panfm
docker logs panfm-clock- Navigate to Settings page
- Click Device Management
- Click Add Device
- Enter:
- Name: Descriptive name (e.g., "HQ Firewall")
- IP Address: Firewall management IP
- API Key: Generated from firewall (Device β Setup β Management β API Keys)
- Group: Optional grouping (e.g., "Headquarters", "Branch Offices")
- Monitored Interface: Interface to track throughput (e.g., "ethernet1/1")
- Click Test Connection to verify
- Click Save
On your Palo Alto firewall:
- Follow these instructions - https://docs.paloaltonetworks.com/ngfw/api/api-authentication-and-security/generate-api-key
- Use in PANfm device configuration
Configure retention in Settings:
- Throughput History: 7 days (default)
- Scan History: 30 days (default)
- Connected Devices: 30 days (default)
Create Backup:
- Navigate to Settings β Databases & Backup
- Click Create Backup
- Download generated ZIP file
- Store securely (contains encryption key!)
Restore Backup:
- Navigate to Settings β Databases & Backup
- Click Upload Backup
- Select backup ZIP file
- Check items to restore (encryption key, devices, settings, metadata)
- Click Restore
This project is licensed under the Apache License 2.0 - see LICENSE file for details.
- β Commercial use allowed
- β Modification allowed
- β Distribution allowed
- β Private use allowed
- β Patent protection included
β οΈ No warranty providedβ οΈ No liability acceptedβ οΈ State changes in modified files
PANfm is not affiliated with or endorsed by Palo Alto Networks, Inc. All trademarks are property of their respective owners.