Use the Panorama Web Interface
The web interface on both Panorama and the firewall has the same look and feel. However, the Panorama web interface includes additional options and a Panorama-specific tab for managing Panorama and for using Panorama to manage firewalls and Log Collectors.
The following common fields appear in the header or footer of several Panorama web interface pages.
Monitortabs, click refresh ( ) in the tab header to manually refresh data in those tabs. You can also use the unlabeled drop-down on the right side of the tab header to select an automatic refresh interval in minutes (
2 mins, or
5 mins); to disable automatic refreshing, select
An access domain defines access to specific device groups, templates, and individual firewalls (through the
Contextdrop-down). If you log in as an administrator with multiple access domains assigned to your account, the
Monitortabs display information (such as log data) only for the
Access Domainyou select in the footer of the web interface.
If only one access domain is assigned to your account, the web interface does not display the
A device group comprises firewalls and virtual systems that you manage as a group (see Panorama > Device Groups). The
Monitortabs display information (such as log data) only for the
Device Groupyou select in the tab header. In the
Objectstabs, you can configure settings for a specific
Device Groupor for all device groups (select
A template is a group of firewalls with common network and device settings, and a template stack is a combination of templates (see Panorama > Templates). In the
Devicetabs, you configure settings for a specific
Templateor template stack. Because you can edit settings only within individual templates, the settings in these tabs are read-only if you select a template stack.
View by: Device
By default, the
Devicetabs display the settings and values available to firewalls that are in normal operational mode and that support multiple virtual systems and VPNs. However, you can use the following options to filter the tabs to display only the mode-specific settings you want to edit:
Panoramatab provides the following pages for managing Panorama and Log Collectors.
for the following tasks:
Enables you to configure Panorama administrator accounts. Select Panorama > Administrators.
If an administrator account is locked out, the
Administratorspage displays a lock in the Locked User column. You can click the lock to unlock the account.
Enables you to manage firewalls, which includes adding firewalls to Panorama as
managed devices, displaying firewall connection and license status, tagging firewalls, updating firewall software and content, and loading configuration backups. Select Panorama > Managed Devices.
Enables you to manage configuration options in the
Networktabs. Templates and template stacks enable you to reduce the administrative effort of deploying multiple firewalls with the same or similar configurations. Select Panorama > Templates.
Enables you to configure device groups, which group firewalls based on function, network segmentation, or geographic location. Device groups can include physical firewalls, virtual firewalls, and virtual systems.
Typically, firewalls in a device group need similar policy configurations. Using the
Objectstab on Panorama, device groups provide a way to implement a layered approach for managing policies across a network of managed firewalls. You can nest device groups in a tree hierarchy of up to four levels. Descendant groups automatically inherit the policies and objects of ancestor groups and of the Shared location. Select Panorama > Device Groups.
Enables you to manage Log Collectors. Because you use Panorama to configure Log Collectors, they are also called
managed collectors. A managed collector can be local to the Panorama management server (M-Series appliance or Panorama virtual appliance in Panorama mode) or a Dedicated Log Collector (M-Series appliance in Log Collector mode). Select Panorama > Managed Collectors.
You can also install Software Updates for Dedicated Log Collectors.
Enables you to manage Collector Groups. A Collector Group logically groups Log Collectors so you can apply the same configuration settings and assign firewalls to them. Panorama uniformly distributes the logs among all the disks in a Log Collector and across all members in the Collector Group. Select Panorama > Collector Groups.
Enables you to configure profiles for the different server types that provide services to Panorama. Select any of the following to configure a specific server type:
Scheduled Config Export
Enables you to view the latest application definitions and information for new security threats, such as Antivirus signatures (threat prevention license required) and then update Panorama with the new definitions. Select Device > Dynamic Updates.
Master Key and Diagnostics
Enables you to specify a master key to encrypt private keys on Panorama. By default, Panorama stores private keys in encrypted form even if you don’t specify a new master key. Select Device > Master Key and Diagnostics.
Centralized Firewall Configuration and Update Management
Centralized Firewall Configuration and Update Management Panorama uses device groups and templates to group firewalls into logical sets that require similar configuration. You use device ...
Panorama Commit Operations
Panorama Commit Operations Click Commit at the top right of the web interface and select an operation for pending changes to the Panorama configuration and ...
Templates and Template Stacks
Templates and Template Stacks You use templates to configure the settings that enable firewalls to operate on the network. Templates enable you to define a ...
Troubleshoot Commit Failures
Troubleshoot Commit Failures If commit or push operation failures occur on Panorama, check for the following conditions: Symptom Condition Resolution Template or device group push ...
Panorama > Admin Roles
Panorama > Admin Roles Admin Role profiles are custom roles that define the access privileges and responsibilities of administrators. For example, the roles assigned to ...
Collector Group Configuration
Collector Group Configuration To configure a Collector Group , click Add and complete the following fields. Collector Group Settings Configured In Description Name Panorama Collector ...
Create Template(s) and Device Group(s) on Panorama
Create Template(s) and Device Group(s) on Panorama To manage the VM-Series firewalls for NSX using Panorama, the firewalls must belong to a device group and ...
Provide Granular Access to the Panorama Tab
Provide Granular Access to the Panorama Tab The following table lists the Panorama tab access levels and the custom Panorama administrator roles for which they ...
Access Domains Access domains control administrative access to specific Device Groups and templates , and also control the ability to switchcontext to the web interface ...