Panorama Virtual Appliance and Virtual Dedicated Log Collector on Google Cloud Platform

How to deploy a Panorama™ virtual appliance and virtual Dedicated Log Collector on Google® Cloud Platform (GCP™).
You can now deploy Panorama™ and a Dedicated Log Collector on Google® Cloud Platform (GCP™). The Panorama virtual appliance on GCP supports all deployment modes (Panorama, Log Collector, and Management Only) and each mode shares the same processes and functionality as its M-Series counterpart. Refer to Panorama Models for more information on Panorama modes. Panorama virtual appliance and virtual Dedicated Log Collector on GCP is available only on PAN-OS 8.1.1 and later releases.
  1. Download the Panorama virtual appliance image.
    1. Select
      Updates
      Software Updates
      and filter by
      Panorama Base Images
      .
    2. Download the latest version of the Panorama on GCP
      tar.gz
      image.
  2. Upload the Panorama virtual appliance image to the Google Cloud Platform.
    1. Log in to the Google Cloud Console.
    2. From the
      Products and Services
      menu, select
      Storage
      .
    3. Click
      Create Bucket
      , configure the new storage bucket and click
      Create.
    4. Select the storage bucket you created in the previous step, click
      Upload files
      , and select the Panorama virtual appliance image you downloaded.
    5. From the
      Products and Services
      menu, select
      Compute Engine
      Images
      .
    6. Click
      Create Image
      and create the Panorama virtual appliance image:
      1. Name
        the Panorama virtual appliance image.
      2. In the
        Source
        field, select
        Cloud Storage file
        from the drop-down menu.
      3. Click
        Browse
        and navigate to the storage bucket where you uploaded the Panorama virtual appliance image, and
        Select
        the uploaded image.
      4. Create
        the Panorama virtual appliance image.
  3. Configure the Panorama virtual appliance.
    1. From the
      Products and Services
      menu and select the
      Compute Engine
      .
    2. Click
      Create Instance
      to begin deploying the Panorama virtual appliance.
    3. Add a descriptive
      Name
      to easily identify the Panorama virtual appliance.
    4. Select the
      Zone
      where you want to deploy the Panorama virtual appliance.
    5. Allocate the
      Machine Type
      CPU cores and memory. Refer to the Setup Prerequisites for the Panorama Virtual Appliance for minimum resource requirements.
    6. For the
      Boot Disk
      , click
      Change
      Custom image
      , select the Panorama image file you uploaded in Step 2, and click
      Select
      .
    7. Under
      Identity and API access
      ,
      Allow full access to all Cloud APIs
      .
    8. Under
      Firewall
      ,
      Allow HTTPS traffic
      .
  4. Enable management access to the Panorama virtual appliance.
    1. Expand
      Management, disks, networking SSH keys
      .
    2. Enable access to the serial port so you can manage the Panorama virtual appliance.
    3. Configure the management interface on the Panorama virtual appliance.
      To learn more about how to reserve IP addresses, refer to the information about how to Reserve a Static Internal IP Address and how to Reserve a Static External IP Address.
      The Panorama virtual appliance on GCP supports a single management interface; ou must use this interface for log collection and device management.
    4. Configure the SSH key. You need an SSH key to access the Panorama virtual appliance CLI to configure the administrative user password after initial deployment.
  5. (
    Panorama and Log Collector mode
    ) Add additional storage for log collection. Repeat this step as needed to add additional virtual logging disks.
    If you intend to use the Panorama virtual appliance in Panorama mode or as a Dedicated Log Collector, add the virtual logging disks during the initial deployment. By default, the Panorama virtual appliance is in Panorama mode for the initial deployment when you meet the Panorama mode resource requirements and you have added at least one virtual logging disk. Otherwise, the Panorama virtual appliance defaults to Management Only mode. Change the Panorama virtual appliance to Management Only mode if you need to only manage devices and Dedicated Log Collectors and you don’t need to collect logs locally.
    The Panorama virtual appliance on GCP supports only 2TB logging disks and, in total, supports up to 24TB of log storage. You cannot add a logging disk smaller than 2TB or a logging disk with a size that is not evenly divisible by the 2TB logging disk requirement because the Panorama virtual appliance partitions logging disks larger than 2TB into 2TB partitions.
  6. Create
    (deploy) the Panorama virtual appliance. The Panorama virtual appliances takes approximately 10 minutes to boot up after initial deployment.
  7. Configure a new administrative password for the Panorama virtual appliance.
    Use a private key to access the CLI and configure a unique administrative password so that you can access the web interface of the Panorama virtual appliance.
  8. Activate the licenses on the Panorama virtual appliance.
  9. Finish configuring the Panorama virtual appliance for your deployment needs.

Related Documentation