Monitoring resource utilization on firewalls helps you assess the impact of substantial policy changes and operational activities, benchmark across locations with similar traffic profiles, and in proactively tracking device component health. The data needed to conduct these analyses is often aggregated in separate tools that firewall administrators cannot access. With Device Monitoring on Panorama you can now track resource utilization, environmental conditions, and other key operational metrics over time and in bulk across large deployments. With this new ability, Panorama can highlight devices operating outside their normal ranges and provide the data you need to accelerate investigation and make informed decisions.

Deploying firewalls with few differences in networking/device level configuration often requires duplication of templates on Panorama. Such duplication increases operational overhead and the chances of configuration errors. PAN-OS 8.1 introduces variables for device-specific IP values, which enable you to use the same templates in a template stack for multiple appliances that have unique configurations so that you can minimize template duplication and reduce inconsistencies between appliances.

The Panorama virtual appliance is now supported on AWS, AWS GovCloud, Azure, Google™ Cloud Platform, KVM, and Hyper-V to provide more flexibility. The functionality and features on the Panorama virtual appliance match the hardware-based M-Series appliances so you have the option of deploying the entire Panorama environment on the newly supported hypervisors or on a mix of both physical and virtual appliances and reduce your physical footprint.

You can now deploy Dedicated Log Collectors in virtual environments to align with your business strategy and reduce capital costs. Because the virtual Dedicated Log Collectors on AWS, AWS GovCloud, Azure, Google™ Cloud Platform, KVM, Hyper-V, and VMware ESXi provide the same functionality as hardware-based M-series appliances, you now have the flexibility to scale your log collection infrastructure without the challenges associated with physically deploying hardware.

Panorama in Management Only mode is now available for you to offload logging to the Logging Service and/or your on premise distributed Log Collectors. In this mode you can continue to use Panorama for centralized configuration, device management, and deployment of your managed firewalls, Log Collectors and Wildfire clusters, and have a single pane for monitoring network and threat activity on the ACC and for generating reports. On a Panorama virtual appliance this mode provides a smaller memory footprint, and on a hardware-based Panorama appliance it frees up resources required for log collection functions. Because the log-related capabilities are not enabled in this mode, the configuration management capability on Panorama is more efficient and results in faster commit times, speedier configuration pushes, and deployment of software and content updates.

In PAN-OS 8.1, Panorama validates that a valid device management and associated support licenses exist for the firewalls you plan to manage on Panorama. New and existing Panorama virtual appliances running PAN-OS 8.1 have a 180-day grace period from deployment or upgrade to download and install the device management license if you don’t already have one installed.

Revert content updates on one or more managed firewalls, Log Collectors, or WildFire appliances from Panorama without the need to log in to each managed appliance to revert the content version for each appliance individually. This capability reduces the time required to restore your environment when a content update negatively impacts your network operations.