A Panorama deployment comprises the Panorama management server (which has a browser-based interface), optional Log Collectors, and the Palo Alto Networks firewalls that Panorama manages. The recommended deployments are:
For the procedures to configure the most typical log collection deployments, see Log Collection Deployments.
Panorama for Centralized Management and Reporting
The following diagram illustrates how you can deploy the Panorama virtual appliance or M-Series appliance in a redundant configuration for the following benefits:
Centralized management —Centralized policy and firewall management that allows for rapid deployment and management of up to one thousand firewalls. Visibility—Centralized logging and reporting to analyze and report on user-generated traffic and potential threats. Role-based access control —Appropriate levels of administrative control at the firewall level or global level for administration and management.
Panorama in a Distributed Log Collection Deployment
You can deploy the hardware-based Panorama—the M-Series appliance—either as a Panorama management server that performs management and log collection functions or as a Dedicated Log Collector that provides a comprehensive log collection solution for the firewalls on your network. Using the M-Series appliance as a Log Collector allows for a more robust environment where the log collection process is offloaded to a dedicated appliance. Using a dedicated appliance in a distributed log collection (DLC) deployment provides redundancy, improved scalability, and capacity for longer term log storage.
In a DLC deployment, the Panorama management server (Panorama virtual appliance or an M-Series appliance in Panorama mode) manages the firewalls and the Log Collectors. Using Panorama, you configure the firewalls to send logs to one or more Log Collectors. You can then use Panorama to query the Log Collectors and provide an aggregated view of network traffic. In a DLC configuration, you can access the logs stored on the Log Collectors from both the primary and secondary Panorama peers in a high availability (HA) pair.
In the following topology, the Panorama peers in an HA configuration manage the deployment and configuration of firewalls. This solution provides the following benefits:
Enables the Panorama management server to use more resources for management functions. Provides high-volume log storage on a dedicated hardware appliance. Enables higher logging rates. Provides horizontal scalability and redundancy with RAID 1 storage. Optimizes bandwidth resources in networks where more bandwidth is available for firewalls to send logs to nearby Log Collectors than to a remote Panorama management server. Enables you to meet regional regulatory requirements (for example, regulations might not allow logs to leave a particular region).

Related Documentation