Add a Firewall as a Managed Device
To use Panorama for managing your firewalls, you will need to enable a connection between the firewall and Panorama. This connections requires you enter the Panorama IP address on each firewall that will be managed, and to enter the serial number of each firewall on Panorama.
The firewall uses the Panorama server IP address to set up an SSL connection to register with Panorama. Panorama and the firewall authenticate each other using 2,048-bit certificates and AES-256 encrypted SSL connections for configuration management and log collection. Prepare Panorama, and each firewall as follows:
- Configure the firewall to communicate with Panorama.Repeat this step for each firewall Panorama will manage.
- Perform initial configuration on the firewall so that it is accessible and can communicate with Panorama over the network.
- Configure each data interface you plan to use on the firewall and attach it to a security zone so that you can push configuration and policy from Panorama.
- Add the Panorama IP address to the firewall.
- Select DeviceSetupManagement and edit the Panorama Settings.
- Enter the Panorama IP address in the first field.
- (Optional) If you have set up a High Availability pair in Panorama, enter the IP address of the secondary Panorama in the second field.
- Click OK.
- Select Commit and Commit your changes.
- Add the firewall to Panorama.
- Select PanoramaManaged Devices and click Add.
- Enter the serial number for each firewall (one entry per line) that you want to manage centrally using Panorama, and then click OK. The Managed Devices page displays the new firewall.
- (Optional) Add a Tag.
Tags make it easier for you to find a firewall from a large list;
they help you to dynamically filter and refine the list of firewalls
that display. For example, if you add a tag called branch office,
you can filter for all branch office firewalls across your network.
- Select the check box beside the firewall and click Tag.
- Click Add, enter a string of up to 31 characters (no empty spaces), and click OK.
- If your deployment is using custom certificates for authentication between Panorama and managed devices, deploy the custom client device certificate. For more information, see Set Up Authentication Using Custom Certificates and Add New Client Devices.
- Select CommitCommit to Panorama and Commit your changes.
- Verify that the firewall is connected to Panorama.In the PanoramaManaged Devices page, the Device State column displays whether the firewall is connected or disconnected to Panorama.
Managed Firewall Administration
Managed Firewall Administration You can perform the following administrative tasks on firewalls. Task Description Add Add firewalls and enter their serial numbers (one per row) ...
Add New Client Devices
Add New Client Devices When adding a new firewall or Log Collector to Panorama, the workflow depends on whether or not these devices are configured ...
Configure Authentication Using Custom Certificates on Managed Devices
Configure Authentication Using Custom Certificates on Managed Devices Complete the following procedure to configure the client side (firewall or Log Collector) to use custom certificates ...
Deploy Custom Certificates
Deploy Custom Certificates Complete the following procedure to obtain custom certificates and deploy them on your Panorama and its managed devices. Generate or obtain your ...
Managed Firewall Information
Managed Firewall Information Select Panorama Managed Devices to display the following information for each managed firewall. Managed Firewall Information Description Device Group Displays the name ...
Set Up the M-Series Appliance as a Log Collector
Set Up the M-Series Appliance as a Log Collector If you want a dedicated appliance for log collection, configure an M-100 or M-500 appliance in ...
Migrate a Firewall to Panorama Management
Migrate a Firewall to Panorama Management When you import a firewall configuration, Panorama automatically creates a template to contain the imported network and device settings. ...
Deploy Custom Certificates for Panorama HA
Deploy Custom Certificates for Panorama HA You can configure mutual authentication using custom certificates for securing the HA connection between Panorama HA peers. Complete the ...
Set Up Authentication Using Custom Certificates Between HA Peers
Set Up Authentication Using Custom Certificates Between HA Peers You can Set Up Authentication Using Custom Certificates for securing the HA connection between Panorama HA ...