End-of-Life (EoL)
The web interfaces of Panorama and the firewall have the same look and feel. However, the Panorama web interface has additional options for managing Panorama and for using Panorama to manage firewalls and Log Collectors.
You can use the Context drop-down above the side menu to switch between the Panorama web interface and a firewall web interface. When you select a firewall, the web interface refreshes to show all the pages and options for the selected firewall so that you can manage it locally. The drop-down displays only the firewalls to which you have administrative access (see Panorama > Access Domains) and that are connected to Panorama. The icons of firewalls that are in high availability (HA) mode will have colored backgrounds to indicate their HA state .
Panorama Page Description
Setup Enables you to: Specify general settings (for example, the Panorama host name). Specify settings for authentication, the management interface, logs, reports, AutoFocus, banners, the message of the day, and password complexity. Back up and restore configurations. Define network server connections (DNS and NTP). Select the WildFire server. Manage hardware security module (HSM) settings. Select Device > Setup > Management.
High Availability Enables you to configure high availability (HA) for a pair of Panorama management servers. Select Panorama > High Availability.
Config Audit Enables you to see the differences between configuration files. Select Device > Config Audit.
Password Profiles Enables you to define password profiles for Panorama administrators. Select Device > Password Profiles.
Administrators Enables you to configure Panorama administrator accounts. Select Panorama > Managed Devices. If a user account is locked out, the Administrators page displays a lock in the Locked User column. You can click the lock to unlock the account.
Admin Roles Enables you to define administrator roles, which involves defining the privileges and responsibilities of users who will access Panorama. Select Panorama > Managed Devices.
Access Domain Enables you to control administrator access to device groups, templates, template stacks, and the web interface of firewalls. Select Panorama > Access Domains.
Authentication Profile Enables you to specify a profile for authenticating access to Panorama. Select Device > Authentication Profile.
Authentication Sequence Enables you to specify a series of authentication profiles to use for permitting access to Panorama. Select Device > Authentication Profile.
Managed Devices Enables you to manage firewalls, which includes adding firewalls to Panorama as managed devices , displaying firewall connection and license status, tagging firewalls, updating firewall software and content, and loading configuration backups. See Panorama > Managed Devices.
Templates Enables you to manage Panorama > Templates for the configuration options in the Device and Network tabs. Templates and template stacks enable you to reduce the administrative effort of deploying multiple firewalls with similar configurations.
Device Groups Enables you to configure Panorama > VMware Service Manager, which group firewalls based on function, network segmentation, or geographic location. Device groups can include physical firewalls, virtual firewalls, and virtual systems. Typically, firewalls in a device group need similar policy configurations. Using the Policies and Objects tab on Panorama, device groups provide a way to implement a layered approach for managing policies across a network of managed firewalls. You can nest device groups in a tree hierarchy of up to four levels. Descendant groups automatically inherit the policies and objects of ancestor groups and of the Shared location.
Managed Collectors Enables you to manage Panorama > Managed Collectors. A Log Collector can be local to an M-Series appliance in Panorama mode (default Log Collector) or it can be an M-Series appliance in Log Collector mode (Dedicated Log Collector). A Panorama management server (an M-Series appliance in Panorama mode or a Panorama virtual appliance) can manage a Log Collector. Because you use Panorama to configure Log Collectors, they are also called managed collectors . You can also use this page to Install a Software Update on a Log Collector. An M-Series appliance can be a Panorama management server, a Log Collector, or both. The operational command to change the mode of an M-Series appliance is request system system-mode [panorama | logger] . To view the current mode, run show system info | match system-mode . A Dedicated Log Collector has no web interface, only a CLI. However, you can use the web interface of the Panorama management server to manage and configure Log Collectors.
Collector Groups Enables you to Panorama > Collector Groups. A Collector Group logically groups up to 8 Log Collectors so you can apply the same configuration settings and assign firewalls to them. Panorama uniformly distributes the logs among all the disks in a Log Collector and across all members in the Collector Group. Each Panorama instance can have up to 16 Collector Groups.
VMware Service Manager Enables you to Panorama > VMware Service Manager running on a VMware ESXi server by enabling communication between the NSX Manager and Panorama.
Certificate Management Enables you to configure and manage certificates, certificate profiles, and keys. See Manage Firewall and Panorama Certificates.
Log Settings Enables you to forward logs to Simple Network Management Protocol (SNMP) trap receivers, syslog servers, and email addresses.
Server Profiles Enables you to configure profiles for the following server types that provide services to Panorama: Device > Server Profiles > Email Device > Server Profiles > SNMP Trap Device > Server Profiles > Syslog Device > Server Profiles > RADIUS Device > Server Profiles > TACACS+ Device > Server Profiles > LDAP Device > Server Profiles > Kerberos
Scheduled Config Export Enables you to Panorama > Device Deployment to a File Transfer Protocol (FTP) server or Secure Copy (SCP) server on a daily basis.
Software Enables you to Panorama > Software.
Dynamic Updates Enables you to view the latest application definitions and information on new security threats, such as Antivirus signatures (threat prevention license required,) and update Panorama with the new definitions. See Device > Dynamic Updates.
Support Enables you to access product and security alerts from Palo Alto Networks. See Device > Support.
Device Deployment Enables you to view and Panorama > Device Deployment.
Master Key and Diagnostics Enables you to specify a master key to encrypt private keys on Panorama. Private keys are stored in encrypted form by default even if you don’t specify a new master key. See Device > Master Key and Diagnostics.

Recommended For You