: Logging Failover on a Panorama Virtual Appliance in Legacy Mode
Focus
Focus

Logging Failover on a Panorama Virtual Appliance in Legacy Mode

Table of Contents

Logging Failover on a Panorama Virtual Appliance in Legacy Mode

The Panorama virtual appliance in Legacy mode provides the following log failover options:
Log Storage Type
Description
Virtual disk
By default, the managed firewalls send logs as independent streams to each Panorama HA peer. By default, if a peer becomes unavailable, the managed firewalls buffer the logs and when the peer reconnects it resumes sending logs from where it had left off (subject to disk storage capacity and duration of the disconnection).
The maximum log storage capacity depends on the virtual platform (VMware ESXi or vCloud Air); see Panorama Models for details.
You can choose whether to forward logs only to the active peer (see Modify Log Forwarding and Buffering Defaults). However, Panorama does not support log aggregation across the HA pair. Therefore, if you log to a virtual disk, for monitoring and reporting you must query the Panorama peer that collects the logs from the managed firewalls.
Network File System (NFS)
You can mount NFS storage only to a Panorama virtual appliance that runs on a VMware ESXi server. Only the active-primary Panorama mounts to the NFS-based log partition and can receive logs. On failover, the primary device goes into a passive-primary state. In this scenario, until preemption occurs, the active-secondary Panorama manages the firewalls, but it does not receive the logs and it cannot write to the NFS. To allow the active-secondary peer to log to the NFS, you must manually switch it to primary so that it can mount to the NFS partition. For instructions, see Switch Priority after Panorama Failover to Resume NFS Logging.