Determine Your NGFW Management Strategy
Focus
Focus
Next-Generation Firewall

Determine Your NGFW Management Strategy

Table of Contents

Determine Your NGFW Management Strategy

Learn about the different management styles for your Next-Generation Firewalls (NGFWs).
Where Can I Use This?What Do I Need?
  • NGFW
Prerequisites are determined by your management strategy of choice.
Palo Alto Networks provides three distinct management approaches for NGFWs, each designed to address different operational requirements and network architectures.
Direct device management through the PAN-OS web interface offers administrators granular control over an individual firewall's configurations, suitable for small deployments or environments with limited devices.
Panorama provides centralized management capabilities as either a hardware appliance or virtual machine, enabling security teams to implement consistent policy rules, collect unified logs, and generate comprehensive reports across the entire NGFW infrastructure.
Strata Cloud Manager is a cloud-native management solution that eliminates the need for on-premises management infrastructure, offering similar centralized control while providing built-in scalability and simplified deployment for distributed networks. Each management option maintains consistent security capabilities while offering different operational models to align with an organization's existing infrastructure, technical resources, and security management preferences.
While thinking about how you want to manage your NGFWs, you can begin the process of integrating NGFWs into your network.

Determine Your Management Strategy (PAN-OS)

Learn about the advantages of managing your network directly through the PAN-OS web interface.
The PAN-OS web interface provides direct device management for individual NGFW, offering administrators complete control through a browser-based console. This management approach delivers immediate access to all NGFW functions without requiring additional infrastructure. The interface is organized into logical sections including Dashboard, ACC (Application Command Center), Policies, Objects, Network, Device, and Monitor, providing intuitive navigation for both configuration and operational monitoring.
Key advantages include zero deployment overhead, immediate configuration changes without synchronization delays, and direct access to hardware-specific settings. The PAN-OS web interface is particularly suitable for small deployments, lab environments, or scenarios where granular device-specific control is required. This management method enables administrators to leverage the full functionality of the firewall without dependencies on external management systems.

Determine Your Management Strategy (Panorama)

Learn about the advantages of managing your network centrally using Panorama.
Panorama serves as an on-premises centralized management solution for organizations with multiple NGFWs, available as either a dedicated hardware appliance or virtual machine. Its hierarchical management model enables administrators to define shared policy rules that apply across the entire NGFW estate while still enabling for device-specific configurations when needed. Standout features include template stacks for standardizing network configurations, device groups for organizing security policy rules, and consolidated logging that aggregates security data across all Panorama managed devices.
Panorama excels in providing consistent rule enforcement, simplified compliance management, and reduced administrative overhead in multidevice environments. The solution supports role-based access control for distributed security teams and offers comprehensive change management capabilities including commit previews and audit trails. Panorama is valuable for organizations with regulatory requirements necessitating centralized logging or those maintaining significant on-premises infrastructure.

Determine Your Management Strategy (Strata Cloud Manager)

Learn about the advantages of managing your network through the cloud using Strata Cloud Manager.
Strata Cloud Manager represents a Palo Alto Networks cloud-native management platform, offering centralized control of security infrastructure without requiring on-premises management servers. This SaaS-based solution provides similar policy rule management capabilities to Panorama but adds cloud-specific advantages including automatic scaling, continuous updates without maintenance windows, and global accessibility. Standout features include simplified deployment through Zero Touch Provisioning, integrated cloud-delivered security services, and unified management of both physical and cloud-based security controls.
Strata Cloud Manager excels in managing distributed environments and supports hybrid deployments spanning traditional data centers, branch offices, and multicloud environments. The platform offers consumption-based licensing models that align costs with actual usage and provides built-in high availability without additional infrastructure. This management option is advantageous for organizations embracing cloud-first strategies, supporting remote workforces, or seeking to reduce the operational complexity associated with maintaining management infrastructure.