Panorama Virtual Appliance and Virtual Dedicated Log Collector on Google Cloud Platform

How to deploy a Panorama™ virtual appliance and virtual Dedicated Log Collector on Google® Cloud Platform (GCP™).
You can now deploy Panorama™ and a Dedicated Log Collector on Google® Cloud Platform (GCP™). The Panorama virtual appliance on GCP supports all deployment modes (Panorama, Log Collector, and Management Only) and each mode shares the same processes and functionality as its M-Series counterpart. Refer to Panorama Models for more information on Panorama modes. Panorama virtual appliance and virtual Dedicated Log Collector on GCP is available only on PAN-OS 8.1.1 and later releases.
  1. Download the Panorama virtual appliance image.
    1. Log in to the Palo Alto Networks Support Portal.
    2. Select UpdatesSoftware Updates and filter by Panorama Base Images.
    3. Download the latest version of the Panorama on GCP tar.gz image.
  2. Upload the Panorama virtual appliance image to the Google Cloud Platform.
    1. Log in to the Google Cloud Console.
    2. From the Products and Services menu, select Storage.
    3. Click Create Bucket, configure the new storage bucket and click Create.
    4. Select the storage bucket you created in the previous step, click Upload files, and select the Panorama virtual appliance image you downloaded.
    5. From the Products and Services menu, select Compute EngineImages.
    6. Click Create Image and create the Panorama virtual appliance image:
      1. Name the Panorama virtual appliance image.
      2. In the Source field, select Cloud Storage file from the drop-down menu.
      3. Click Browse and navigate to the storage bucket where you uploaded the Panorama virtual appliance image, and Select the uploaded image.
      4. Create the Panorama virtual appliance image.
  3. Configure the Panorama virtual appliance.
    1. From the Products and Services menu and select the Compute Engine.
    2. Click Create Instance to begin deploying the Panorama virtual appliance.
    3. Add a descriptive Name to easily identify the Panorama virtual appliance.
    4. Select the Zone where you want to deploy the Panorama virtual appliance.
    5. Allocate the Machine Type CPU cores and memory. Refer to the Setup Prerequisites for the Panorama Virtual Appliance for minimum resource requirements.
    6. For the Boot Disk, click ChangeCustom image, select the Panorama image file you uploaded in Step 2, and click Select.
    7. Under Identity and API access, Allow full access to all Cloud APIs.
    8. Under Firewall, Allow HTTPS traffic.
  4. Enable management access to the Panorama virtual appliance.
    1. Expand Management, disks, networking SSH keys.
    2. Enable access to the serial port so you can manage the Panorama virtual appliance.
    3. Configure the management interface on the Panorama virtual appliance.
      To learn more about how to reserve IP addresses, refer to the information about how to Reserve a Static Internal IP Address and how to Reserve a Static External IP Address.
      The Panorama virtual appliance on GCP supports a single management interface; ou must use this interface for log collection and device management.
    4. Configure the SSH key. You need an SSH key to access the Panorama virtual appliance CLI to configure the administrative user password after initial deployment.
  5. (Panorama and Log Collector mode) Add additional storage for log collection. Repeat this step as needed to add additional virtual logging disks.
    If you intend to use the Panorama virtual appliance in Panorama mode or as a Dedicated Log Collector, add the virtual logging disks during the initial deployment. By default, the Panorama virtual appliance is in Panorama mode for the initial deployment when you meet the Panorama mode resource requirements and you have added at least one virtual logging disk. Otherwise, the Panorama virtual appliance defaults to Management Only mode. Change the Panorama virtual appliance to Management Only mode if you need to only manage devices and Dedicated Log Collectors and you don’t need to collect logs locally.
    The Panorama virtual appliance on GCP supports only 2TB logging disks and, in total, supports up to 24TB of log storage. You cannot add a logging disk smaller than 2TB or a logging disk with a size that is not evenly divisible by the 2TB logging disk requirement because the Panorama virtual appliance partitions logging disks larger than 2TB into 2TB partitions.
  6. Create (deploy) the Panorama virtual appliance. The Panorama virtual appliances takes approximately 10 minutes to boot up after initial deployment.
  7. Configure a new administrative password for the Panorama virtual appliance.
    Use a private key to access the CLI and configure a unique administrative password so that you can access the web interface of the Panorama virtual appliance.
  8. Activate the licenses on the Panorama virtual appliance.
  9. Finish configuring the Panorama virtual appliance for your deployment needs.

Related Documentation