PA-7000 Series Firewall Log Forwarding to Panorama
You can now forward logs from PA-7000 Series firewalls to Panorama for improved log retention, which helps you meet regulatory requirements for your industry as well as your internal log archival requirements. Because of this new ability to forward logs to Panorama, upon upgrade Panorama no longer considers the PA-7000 Series firewall as a Log Collector and you will no longer be able to view your logs and reports from Panorama until you enable log forwarding to Panorama. As soon as you enable log forwarding, the PA-7000 Series firewall begins forwarding new logs to Panorama. To forward all logs generated prior to enabling forwarding, you will have to run a CLI command.
Before upgrading your PA-7000 Series firewalls to PAN-OS 8.0, make sure Panorama has a log forwarding infrastructure that is capable of handling the logging rate and volume from the PA-7000 Series firewalls so that you will be able to enable log forwarding to Panorama. Refer to the table in Panorama Models to determine if you have the right logging capacity. If you do not yet have the required logging infrastructure, you can enable Direct Query of PA-7000 Series Firewalls from Panorama, which is available in PAN-OS 8.0.8 and later releases. After enabling this option, you will be able to view logs for managed PA-7000 Series firewalls on the Panorama Monitor tab. Additionally, as with all managed devices, you can generate reports that include PA-7000 Series log data by selecting Remote Device Data as the Data Source. For aggregated views of PA-7000 Series log data within all Panorama views: Application Command Center (ACC), the App-Scope, the log viewer (Monitor tab), and the standard, customizable reporting options on Panorama, you must configure log forwarding as described in the following workflow.
In addition, this feature introduces the option to forward logs to Panorama in a high speed mode to enable higher forwarding and peak rates to Panorama. If you enable this option, the PA-7000 Series firewall will not log locally and you will therefore not be able to view logs, reports or see data in the ACC locally on the firewall.
Use the following workflow to configure log forwarding from a PA-7000 Series firewall to Panorama and optionally enable high speed log forwarding.
- Configure a managed collector if you need a new Log Collector to receive the firewall logs. You can also use an existing Log Collector.
- Configure a new Collector Group or edit an existing one. Assign the PA-7000 Series firewall to specific Log Collectors for log forwarding. In environments with high logging rates, you can Forward to all collectors in the preference list to load balance the log traffic across all Log Collectors in a Collector Group. Load balancing helps reduce bandwidth competition, which might otherwise result in dropped logs.
- Select Objects > Log Forwarding, select the Device Group of the PA-7000 Series firewall, and Add a Log Forwarding profile to define the destinations for Traffic, Threat, WildFire Submission, URL Filtering, Data Filtering, Tunnel Inspection, or Authentication logs. Add one or more match list profiles for each log type you want to forward to Panorama.
- Assign the Log Forwarding profile to the policy rules that trigger log generation and forwarding. Security, Authentication, and DoS Protection rules support log forwarding. For example, to assign the profile to a Security policy pre-rule, select Policies > Security > Pre Rules, select the Device Group of the PA-7000 Series firewall, edit the rule, select Actions, and select the Log Forwarding profile.
- Select Device > Log Settings, select the Template to which the PA-7000 Series firewall is assigned, and Add one or more match list profiles to forward System, Configuration, User-ID, or HIP Match logs to Panorama.
- Select Network > Interfaces > Ethernet, select the Template to which the PA-7000 Series firewall is assigned, Add Interface, and configure a Log Card interface to perform log forwarding.
- (Optional) If you want to raise the maximum log forwarding rate from 80,000 logs/second (default) to 120,000 logs/second, select Device > Setup > Management, edit the Logging and Reporting Settings, select Log Export and Reporting, and Enable High Speed Log Forwarding. If you enable this option, the firewall does not store logs locally or display them in the Dashboard, ACC, or Monitor tabs.
- Select Commit > Commit and Push to activate your changes on Panorama and push them to the device groups, templates, and Collector Groups that you modified.
- Verify your changes by logging in to the CLI of the PA-7000 Series firewall and running the following command:
  > show logging-status
  For successful forwarding, the output indicates that the log forwarding agent is active.