End-of-Life (EoL)
Panorama Features
New Panorama Features | Description |
---|---|
Direct Query of PA-7000 Series Firewalls
from Panorama ( PAN-OS 8.0.8 and later releases ) | With the new support for PA-7000
Series Firewall Log Forwarding to Panorama, Panorama no longer
treats the PA-7000 Series firewalls it manages as Log Collectors.
If you have not configured your managed PA-7000 Series firewalls
to forward logs to Panorama, by default you can only view the logs
from the local firewall and not from Panorama. If you do not yet
have a log forwarding infrastructure capable of handling the logging
rate and volume from your PA-7000 Series firewalls, you can now enable Panorama to directly query managed PA-7000
Series firewalls so that you can view the logs directly from Panorama. |
Logging Service ( PAN-OS
8.0.5 and later releases ) | The new Logging Service is a cloud-based service that
is designed to collect and store large amounts of log data to solve
your operational logging challenges. Palo Alto Networks provides
the required infrastructure with scalable storage and compute that
seamlessly integrates with your existing Panorama. You can continue
to use your on-premise Log Collectors where they exist, or complement
your logging infrastructure with this cloud-based service to which
your Next-Generation Firewalls and GlobalProtect™ cloud service
can directly send logs. Regardless of where the data is collected,
Panorama will provide unparalleled network and threat visibility
to help you prevent attacks. |
Log Query Acceleration | Panorama has an improved log query and reporting
engine to enable a significant improvement in speed when generating
reports and executing queries. All logs generated after the upgrade
to PAN-OS 8.0 automatically take advantage of the improved query
processing architecture. With this enhancement, the logging rate
on the M-Series appliance is lower than in previous Panorama releases.
For maximum logging rates, see Panorama Models. To
extend the performance improvements for older logs, you can migrate
the logs to the new format. |
Logging Enhancements on
the Panorama Virtual Appliance | You can now create a Log Collector that
runs locally on the Panorama virtual appliance. Because the local
Log Collector supports multiple virtual logging disks, you can increase
log storage as needed while preserving existing logs. You can increase
log storage to a maximum of 24TB for a single Panorama and up to
48TB for a high availability pair. Using a local Log Collector also
enables faster report generation (see Log
Query Acceleration). |
Increased Log Storage Capacity | To provide adequate disk space for a longer
log retention period, you can increase the log storage capacity
on the M-500 appliance and Panorama virtual appliance to 24TB (formerly
8TB). The M-500 appliance now supports 2TB disks and up to 12 RAID
disk pairs (formerly 1TB * 8 RAID disk pairs). In addition, the Panorama
virtual appliance now supports a local Log Collector with up to 24TB
of virtual disk space (see Logging
Enhancements on the Panorama Virtual Appliance). |
Traps Logs on Panorama | Panorama can now ingest Traps logs sent
by the Traps Endpoint Security Manager using syslog over UDP,TCP,
or SSL so that you can monitor security events relating to protected
processes and executable files on Traps protected endpoints. You
can filter on any log attribute and answer day-to-day operational
questions such as, “How many different prevention events did a specific
user trigger?” The ability to see Traps logs in the same context
as the firewall logs allows you to correlate discrete activity observed
on the network and the endpoints. Correlated events help you see
the overall picture across your network and the endpoints so that
you can detect any risks that evade detection or take advantage
of blind spots, and strengthen your security posture well before
any damage occurs. |
Extensible Plug-in Architecture | Panorama now supports a plug-in architecture
to enable new third-party integrations or updates to existing integrations
(such as the VMware NSX integration) outside of a new PAN-OS feature
release. Panorama displays only the interface elements pertinent
to the plug-ins you install. The first implementation of this
architecture enables VM-Series
NSX Integration Configuration through Panorama. This architecture
also enables support for the Cloud Services plugin, which is required
for the Logging
Service. |
Extended
Support for Multiple Panorama Interfaces | To support the demands for network
segmentation and security in large-scale deployments, you can now separate the management functions from
the device management and log collection functions on the Panorama
M-Series appliances. The key improvements are:
The
ability to separate these functions across multiple interfaces reduces
the traffic on the dedicated management (MGT) port. You can now lock
down the management port for administrative access to Panorama (HTTPS
and SSH) and the Log Collectors (SSH) only; by default Collector Group
communication is enabled on the management port but you can assign
a different port for this traffic. |
Device Group, Template, and Template
Stack Capacity Increase | Panorama now supports up to 1,024 Device Groups, 1,024 templates (previously
512 each), and 1,024 template stacks (previously
128). In large-scale deployments, these capacity improvements increase
administrative ease in centrally managing from Panorama and reduce
the configuration exceptions and overrides that you must manage
locally on individual firewalls. |
Streamlined Deployment
of Software and Content Updates from Panorama | You can now deploy software and content updates to managed
devices more quickly. Instead of pushing the updates to one device
at a time, Panorama now notifies firewalls and Log Collectors when updates
are available and the devices then retrieve the updates in parallel. The Extended
Support for Multiple Panorama Interfaces enables you to configure
a separate interface, instead of using the management (MGT) interface,
for deploying content and software updates to managed devices. |
Recommended For You
Recommended Videos
Recommended videos not found.