Deploy Panorama Virtual Appliances in Legacy Mode with Local Log Collection
The following figure illustrates Panorama in a centralized log collection deployment. In this example, the Panorama management server comprises two Panorama virtual appliances in Legacy mode that are deployed in an active/passive high availability (HA) configuration. This configuration suits firewall management within a VMware virtual infrastructure in which Panorama processes up to 10,000 logs/second. The firewalls send logs to the NFS datastore (ESXi server only) or virtual disk on the Panorama management server. By default, the active and passive peers both receive logs, though you can Modify Log Forwarding and Buffering Defaults so that only the active peer does. For the 5200 and 7000 series firewalls, only the active peer receive logs. By default, the Panorama virtual appliance in Legacy mode uses approximately 11GB on its internal disk partition for log storage, though you can Expand Log Storage Capacity on the Panorama Virtual Appliance if necessary.
If the logging rate increases beyond 10,000 logs per second, it is recommended that you Deploy Panorama with Dedicated Log Collectors.
Perform the following steps to deploy Panorama virtual appliances with local log collection. Skip any steps you have already performed (for example, the initial setup).
- Perform the initial setup of each Panorama virtual
the Panorama Virtual Appliance. To ensure the virtual appliance
starts in Panorama mode, do not add a virtual logging disk during installation.By default, Panorama uses an 11GB partition on its system disk for log storage. If you want more storage, you can add a dedicated virtual logging disk of up to 8TB after the installation.
- Perform Initial Configuration of the Panorama Virtual Appliance.
- Register Panorama and Install Licenses.
- Install Content and Software Updates for Panorama.
- Install the Panorama Virtual Appliance. To ensure the virtual appliance starts in Panorama mode, do not add a virtual logging disk during installation.
- Set up the Panorama virtual appliances in an HA configuration.
- Perform the following steps to prepare Panorama for log collection.
- Commit your changes.Select CommitCommit to Panorama and Commit your changes.
Panorama Models Panorama is available as one of the following virtual or physical appliances, each of which supports licenses for managing up to 25, 100, ...
Log and Report Storage
Log and Report Storage You can edit the default storage quotas for each log type. When a log quota reaches the maximum size, Panorama starts ...
Set Up the Panorama Virtual Appliance
Set Up the Panorama Virtual Appliance The Panorama virtual appliance enables you to use your existing VMware virtual infrastructure to centrally manage and monitor Palo ...
Install Panorama on an ESXi Server
Install Panorama on an ESXi Server Use these instructions to install a new Panorama virtual appliance on a VMware ESXi server. For upgrades to an ...
Log Collection Deployments
Log Collection Deployments The following topics describe how to configure log collection in the most typical deployments. Before starting, Plan Your Panorama Deployment according to ...
Log Storage Partitions for a Panorama Virtual Appliance in ...
Log Storage Partitions for a Panorama Virtual Appliance in Legacy Mode Panorama > Setup > Operations By default, a Panorama virtual appliance in Legacy mode ...
Logging Enhancements on the Panorama Virtual Appliance
Logging Enhancements on the Panorama Virtual Appliance You can now create a Log Collector that runs locally on the Panorama virtual appliance. Because the local ...
Manage Log Collection
Manage Log Collection All Palo Alto Networks firewalls can generate logs that provide an audit trail of firewall activities. For Centralized Logging and Reporting , ...
Expand Log Storage Capacity on the Panorama Virtual Appliance
Expand Log Storage Capacity on the Panorama Virtual Appliance After you Perform Initial Configuration of the Panorama Virtual Appliance , the available log storage capacity ...