PAN-OS 8.1 introduces the following new Panorama features: Device Monitoring on Panorama, Support for Panorama Virtual Appliance in New Environments, Dedicated Log Collector in Virtual Environments, Configuration Reusability for Templates and Template Stacks.
|New Panorama Feature||Description|
|Device Monitoring on Panorama|
Monitoring resource utilization on firewalls helps you assess the impact of substantial policy changes and operational activities, benchmark across locations with similar traffic profiles, and in proactively tracking device component health. The data needed to conduct these analyses is often aggregated in separate tools that firewall administrators cannot access. With Device Monitoring on Panorama you can now track resource utilization, environmental conditions, and other key operational metrics over time and in bulk across large deployments. With this new ability, Panorama can highlight devices operating outside their normal ranges and provide the data you need to accelerate investigation and make informed decisions.
|Configuration Reusability for Templates and Template Stacks|
Deploying firewalls with few differences in networking/device level configuration often requires duplication of templates on Panorama. Such duplication increases operational overhead and the chances of configuration errors. PAN-OS 8.1 introduces variables for device-specific IP values, which enable you to use the same templates in a template stack for multiple appliances that have unique configurations so that you can minimize template duplication and reduce inconsistencies between appliances.
|Support for Panorama Virtual Appliance in New Environments|
The Panorama virtual appliance is now supported on AWS, AWS GovCloud, Azure, Google™ Cloud Platform, KVM, and Hyper-V to provide more flexibility. The functionality and features on the Panorama virtual appliance match the hardware-based M-Series appliances so you have the option of deploying the entire Panorama environment on the newly supported hypervisors or on a mix of both physical and virtual appliances and reduce your physical footprint.
|Dedicated Log Collectors in Virtual Environments|
You can now deploy Dedicated Log Collectors in virtual environments to align with your business strategy and reduce capital costs. Because the virtual Dedicated Log Collectors on AWS, AWS GovCloud, Azure, Google™ Cloud Platform, KVM, Hyper-V, and VMware ESXi provide the same functionality as hardware-based M-series appliances, you now have the flexibility to scale your log collection infrastructure without the challenges associated with physically deploying hardware.
|Management Only Mode|
Panorama in Management Only mode is now available for you to offload logging to the Logging Service and/or your on premise distributed Log Collectors. In this mode you can continue to use Panorama for centralized configuration, device management, and deployment of your managed firewalls, Log Collectors and Wildfire clusters, and have a single pane for monitoring network and threat activity on the ACC and for generating reports. On a Panorama virtual appliance this mode provides a smaller memory footprint, and on a hardware-based Panorama appliance it frees up resources required for log collection functions. Because the log-related capabilities are not enabled in this mode, the configuration management capability on Panorama is more efficient and results in faster commit times, speedier configuration pushes, and deployment of software and content updates.
|Device Management License Enforcement for Panorama|
In PAN-OS 8.1, Panorama validates that a valid device management and associated support licenses exist for the firewalls you plan to manage on Panorama. New and existing Panorama virtual appliances running PAN-OS 8.1 have a 180-day grace period from deployment or upgrade to download and install the device management license if you don’t already have one installed.
|Content Update Revert from Panorama|
Revert content updates on one or more managed firewalls, Log Collectors, or WildFire appliances from Panorama without the need to log in to each managed appliance to revert the content version for each appliance individually. This capability reduces the time required to restore your environment when a content update negatively impacts your network operations.
|Direct Query of PA-7000 Series Firewalls from Panorama|
Because the PA-7000 Series firewall can now forward logs to Panorama, Panorama no longer treats the PA-7000 Series firewalls it manages as Log Collectors. If you have not configured your managed PA-7000 Series firewalls to forward logs to Panorama, by default you can only view the logs from the local firewall and not from Panorama. If you do not yet have a log forwarding infrastructure capable of handling the logging rate and volume from your PA-7000 Series firewalls, you can now enable Panorama to directly query managed PA-7000 Series firewalls so that you can view the logs directly from Panorama.
Panorama Features Device Monitoring on Panorama Monitor managed firewall health through Panorama™ to baseline performance and identify hardware issues before they compromise your network security. ...
Migrate from a Panorama Virtual Appliance to an M-Series Ap...
Migrate from a Panorama Virtual Appliance to an M-Series Appliance You can migrate the Panorama configuration from a Panorama virtual appliance to an M-Series appliance ...
Panorama > Managed Collectors
Panorama > Managed Collectors The Panorama management server (M-Series appliance or Panorama virtual appliance in Panorama mode) can manage Dedicated Log Collectors (M-Series appliances or ...
Panorama Models Panorama is available as one of the following virtual or physical appliances, each of which supports licenses for managing up to 25, 100, ...
CLI Cheat Sheet: Panorama
CLI Cheat Sheet: Panorama Use the following commands on Panorama to perform common configuration and monitoring tasks for the Panorama management server (M-Series appliance in ...
Panorama Virtual Appliance and Virtual Dedicated Log Collector on KVM
How to deploy a Panorama™ virtual appliance and virtual Dedicated Log Collector on KVM. ...
Migrate from an M-100 Appliance to an M-500 Appliance
Migrate from an M-100 Appliance to an M-500 Appliance You can migrate the Panorama configuration and firewall logs from an M-100 appliance to an M-500 ...
Panorama Virtual Appliance and Virtual Dedicated Log Collector on Google Cloud Platform
How to deploy a Panorama™ virtual appliance and virtual Dedicated Log Collector on Google® Cloud Platform (GCP™). ...
Deploy Panorama with Dedicated Log Collectors
Deploy Panorama with Dedicated Log Collectors The following figures illustrate Panorama in a distributed log collection deployment. In these examples, the Panorama management server comprises ...