Focus

Best Practices for Managing Firewalls with Panorama

Design Your Logging Infrastructure

Table of Contents

Design Your Logging Infrastructure

Best practices for implementing logging infrastructure for storing logs forwarded from managed firewalls.

It is a best practice to plan and design your logging infrastructure before you deploy new managed firewalls. The Panorama management server provides multiple modes for device management and log collection. Panorama mode allows you to both manage your firewall configuration and ingest and store logs. If you want your Panorama to have a single function, Log Collector mode is designed solely for log ingestion and storage while Management Only mode is designed solely for firewall configuration management.

Use the Panorama Sizing and Design Guide to calculate the logging rate and determine your log storage requirements. This is important when deciding on the log storage capacity of your Log Collectors and can be based on numerous factors such as regulatory requirements.
Consult your Sales Engineer (SE) when sizing your logging infrastructure. They will provide you with the technical expertise needed to interpret and customize your deployment to meet your needs.
Do not use Legacy mode if you are deploying a Panorama virtual appliance due to the many logging limitations and restrictions associated with this mode. While suitable for a lab or demo environment, avoid using a Panorama in Legacy mode in your production environment.
Use a separate interface for log collection on your managed firewalls. This helps you maintain performance on your management interface which is communicating with Panorama. As a sound security best practice, configure a permitted IP list for all interfaces.

Best Practices for Monitoring and Visibility on Panorama

Monitoring the Application Command Center (ACC) and Logs on Panorama