Manage Your NGFWs
Learn about managing your NGFWs and NGFW resources.
Effective resource management on NGFWs encompasses the entire lifecycle of the security
appliance, from initial registration through operational monitoring to eventual
decommissioning. The resource management process begins during implementation, where
administrators must register NGFWs with Palo Alto Networks to activate subscriptions,
enable updates, and access support services. This registration associates the NGFW's
serial number with a customer account, enabling features like threat intelligence
updates and software upgrades while establishing the device's identity within the
support ecosystem.
During operational use, monitoring hardware resource consumption becomes essential for
maintaining security efficacy and performance. Administrators should regularly assess
CPU utilization, memory usage, session table capacity, and disk storage—particularly for
logging and reporting functions. Each hardware model has specific capacity limitations,
and exceeding these thresholds can trigger resource exhaustion, potentially causing
packet drops, increased latency, or security bypass. Implementing appropriate alerting
thresholds for resource metrics provides early warning of developing issues, while
capacity planning helps ensure appropriate hardware sizing as network traffic patterns
and security requirements evolve.
The resource lifecycle concludes with proper decommissioning procedures when NGFWs reach
end-of-life or require replacement. Decommissioning involves several critical steps:
backing up configurations, securely erasing sensitive data through factory reset
functions, unregistering the device from support systems, and revoking any certificates
or credentials associated with the NGFW. For organizations with centralized management
through Panorama or Strata Cloud Manager, this process also includes removing the device
from the management console and ensuring that any shared policies or objects are
properly migrated to replacement systems. Proper decommissioning not only protects
sensitive configuration data but also ensures accurate license management and inventory
tracking across the security infrastructure.