Use the Panorama Web Interface
The web interface on both Panorama and the firewall has the same look and feel. However, the Panorama web interface includes additional options and a Panorama-specific tab for managing Panorama and for using Panorama to manage firewalls and Log Collectors.
The following common fields appear in the header or footer of several Panorama web interface pages.
You can use the Context drop-down above the left-side menu to switch between the Panorama web interface and a firewall web interface (see Context Switch).
In the Dashboard and Monitor tabs, click refresh in the tab header to manually refresh data in those tabs. You can also use the unlabeled drop-down on the right side of the tab header to select an automatic refresh interval in minutes (1 min, 2 mins, or 5 mins); to disable automatic refreshing, select Manual.
An access domain defines access to specific device groups, templates, and individual firewalls (through the Context drop-down). If you log in as an administrator with multiple access domains assigned to your account, the Dashboard, ACC, and Monitor tabs display information (such as log data) only for the Access Domain you select in the footer of the web interface.
If only one access domain is assigned to your account, the web interface does not display the Access Domain drop-down.
A device group comprises firewalls and virtual systems that you manage as a group (see Panorama > Device Groups). The Dashboard, ACC, and Monitor tabs display information (such as log data) only for the Device Group you select in the tab header. In the Policies and Objects tabs, you can configure settings for a specific Device Group or for all device groups (select Shared).
A template is a group of firewalls with common network and device settings, and a template stack is a combination of templates (see Panorama > Templates). In the Network and Device tabs, you configure settings for a specific Template or template stack. Because you can edit settings only within individual templates, the settings in these tabs are read-only if you select a template stack.
View by: Device
By default, the Network and Device tabs display the settings and values available to firewalls that are in normal operational mode and that support multiple virtual systems and VPNs. However, you can use the following options to filter the tabs to display only the mode-specific settings you want to edit:
The Panorama tab provides the following pages for managing Panorama and Log Collectors.
Select Panorama > Setup for the following tasks:
Enables you to configure high availability (HA) for a pair of Panorama management servers. Select Panorama > High Availability.
Enables you to see the differences between configuration files. Select Device > Config Audit.
Enables you to define password profiles for Panorama administrators. Select Device > Password Profiles.
Enables you to configure Panorama administrator accounts. Select Panorama > Administrators.
If an administrator account is locked out, the Administrators page displays a lock in the Locked User column. You can click the lock to unlock the account.
Enables you to define administrative roles, which control the privileges and responsibilities of administrators who access Panorama. Select Panorama > Admin Roles.
Enables you to control administrator access to device groups, templates, template stacks, and the web interface of firewalls. Select Panorama > Access Domains.
Enables you to specify a profile for authenticating access to Panorama. Select Device > Authentication Profile.
Enables you to specify a series of authentication profiles to use for permitting access to Panorama. Select Device > Authentication Sequence.
Enables you to configure Panorama to receive user mapping information from User-ID™ agents. Select Device > User Identification > User-ID Agents.
Enables you to manage firewalls, which includes adding firewalls to Panorama as managed devices, displaying firewall connection and license status, tagging firewalls, updating firewall software and content, and loading configuration backups. Select Panorama > Managed Devices.
Enables you to manage configuration options in the Device and Network tabs. Templates and template stacks enable you to reduce the administrative effort of deploying multiple firewalls with the same or similar configurations. Select Panorama > Templates.
Enables you to configure device groups, which group firewalls based on function, network segmentation, or geographic location. Device groups can include physical firewalls, virtual firewalls, and virtual systems.
Typically, firewalls in a device group need similar policy configurations. Through the Policies and Objects tabs on Panorama, device groups provide a way to implement a layered approach for managing policies across a network of managed firewalls. You can nest device groups in a tree hierarchy of up to four levels. Descendant groups automatically inherit the policies and objects of ancestor groups and of the Shared location. Select Panorama > Device Groups.
Enables you to manage Log Collectors. Because you use Panorama to configure Log Collectors, they are also called managed collectors. A managed collector can be local to the Panorama management server (M-Series appliance or Panorama virtual appliance in Panorama mode) or a Dedicated Log Collector (M-Series appliance in Log Collector mode). Select Panorama > Managed Collectors.
You can also install Software Updates for Dedicated Log Collectors.
Enables you to manage Collector Groups. A Collector Group logically groups Log Collectors so you can apply the same configuration settings and assign firewalls to them. Panorama uniformly distributes the logs among all the disks in a Log Collector and across all members in the Collector Group. Select Panorama > Collector Groups.
Enables you to manage plugins for third-party integration, such as VMware NSX. Select Panorama > VMware NSX.
Enables you to automate provisioning of VM-Series firewalls by enabling communication between the NSX Manager and Panorama. Select Panorama > VMware NSX.
Enables you to configure and manage certificates, certificate profiles, and keys. Select Manage Firewall and Panorama Certificates.
Enables you to forward logs to Simple Network Management Protocol (SNMP) trap receivers, syslog servers, email servers, and HTTP servers. Select Device > Log Settings.
Enables you to configure profiles for the different server types that provide services to Panorama. Select any of the following to configure a specific server type:
Scheduled Config Export
Enables you to export Panorama and firewall configurations to an FTP server or Secure Copy (SCP) server on a daily basis. Select Panorama > Scheduled Config Export.
Enables you to update Panorama software. Select Panorama > Software.
Enables you to view the latest application definitions and information for new security threats, such as Antivirus signatures (threat prevention license required), and then update Panorama with the new definitions. Select Device > Dynamic Updates.
Enables you to access product and security alerts from Palo Alto Networks. Select Device > Support.
Enables you to deploy software and content updates to firewalls and Log Collectors. Select Panorama > Device Deployment.
Master Key and Diagnostics
Enables you to specify a master key to encrypt private keys on Panorama. By default, Panorama stores private keys in encrypted form even if you don’t specify a new master key. Select Device > Master Key and Diagnostics.