(PAN-OS 8.0.8 and later releases)

With the new support for PA-7000 Series Firewall Log Forwarding to Panorama, Panorama no longer treats the PA-7000 Series firewalls it manages as Log Collectors. If you have not configured your managed PA-7000 Series firewalls to forward logs to Panorama, by default you can only view the logs from the local firewall and not from Panorama. If you do not yet have a log forwarding infrastructure capable of handling the logging rate and volume from your PA-7000 Series firewalls, you can now enable Panorama to directly query managed PA-7000 Series firewalls so that you can view the logs directly from Panorama.

(PAN-OS 8.0.5 and later releases)

The new Logging Service is a cloud-based service that is designed to collect and store large amounts of log data to solve your operational logging challenges. Palo Alto Networks provides the required infrastructure with scalable storage and compute that seamlessly integrates with your existing Panorama. You can continue to use your on-premise Log Collectors where they exist, or complement your logging infrastructure with this cloud-based service to which your Next-Generation Firewalls and GlobalProtect™ cloud service can directly send logs. Regardless of where the data is collected, Panorama will provide unparalleled network and threat visibility to help you prevent attacks.

Panorama has an improved log query and reporting engine to enable a significant improvement in speed when generating reports and executing queries. All logs generated after the upgrade to PAN-OS 8.0 automatically take advantage of the improved query processing architecture. With this enhancement, the logging rate on the M-Series appliance is lower than in previous Panorama releases. For maximum logging rates, see Panorama Models.

To extend the performance improvements for older logs, you can migrate the logs to the new format.

You can now create a Log Collector that runs locally on the Panorama virtual appliance. Because the local Log Collector supports multiple virtual logging disks, you can increase log storage as needed while preserving existing logs. You can increase log storage to a maximum of 24TB for a single Panorama and up to 48TB for a high availability pair. Using a local Log Collector also enables faster report generation (see Log Query Acceleration).

To provide adequate disk space for a longer log retention period, you can increase the log storage capacity on the M-500 appliance and Panorama virtual appliance to 24TB (formerly 8TB). The M-500 appliance now supports 2TB disks and up to 12 RAID disk pairs (formerly 1TB * 8 RAID disk pairs). In addition, the Panorama virtual appliance now supports a local Log Collector with up to 24TB of virtual disk space (see Logging Enhancements on the Panorama Virtual Appliance).

Panorama can now ingest Traps logs sent by the Traps Endpoint Security Manager using syslog over UDP,TCP, or SSL so that you can monitor security events relating to protected processes and executable files on Traps protected endpoints. You can filter on any log attribute and answer day-to-day operational questions such as, “How many different prevention events did a specific user trigger?”

The ability to see Traps logs in the same context as the firewall logs allows you to correlate discrete activity observed on the network and the endpoints. Correlated events help you see the overall picture across your network and the endpoints so that you can detect any risks that evade detection or take advantage of blind spots, and strengthen your security posture well before any damage occurs.

Panorama now supports a plug-in architecture to enable new third-party integrations or updates to existing integrations (such as the VMware NSX integration) outside of a new PAN-OS feature release. Panorama displays only the interface elements pertinent to the plug-ins you install.

The first implementation of this architecture enables VM-Series NSX Integration Configuration through Panorama. This architecture also enables support for the Cloud Services plugin, which is required for the Logging Service.

To support  the demands for network segmentation and security in large-scale deployments, you can now separate the management functions from the device management and log collection functions on the Panorama M-Series appliances. The key improvements are:

The ability to separate these functions across multiple interfaces reduces the traffic on the dedicated management (MGT) port. You can now lock down the management port for administrative access to Panorama (HTTPS and SSH) and the Log Collectors (SSH) only; by default Collector Group communication is enabled on the management port but you can assign a different port for this traffic.

Panorama now supports up to 1,024 Device Groups, 1,024 templates (previously 512 each), and 1,024 template stacks (previously 128). In large-scale deployments, these capacity improvements increase administrative ease in centrally managing from Panorama and reduce the configuration exceptions and overrides that you must manage locally on individual firewalls.