Panorama Models

• Panorama virtual appliance—This model allows for simple installation and facilitates server consolidation for sites that need a virtual management appliance. You can install Panorama on a VMware ESXi server or on VMware vCloud Air. The virtual appliance can collect firewall logs locally at rates up to 10,000 logs per second and can manage Dedicated Log Collectors for higher logging rates. The virtual appliance can function only as a Panorama management server, not a Dedicated Log Collector. You can deploy the virtual appliance in the following modes:
  • Panorama mode—In this mode, the Panorama virtual appliance supports a local Log Collector with 1 to 12 virtual logging disks (see Deploy Panorama Virtual Appliances with Local Log Collectors). Each logging disk has 2TB of storage capacity for a total maximum of 24TB on a single virtual appliance and 48TB on a high availability (HA) pair. Only Panorama mode enables you to add multiple virtual logging disks without losing logs on existing disks. Panorama mode also provides the benefit of faster report generation. In Panorama mode, the virtual appliance does not support NFS storage.
    As a best practice, deploy the virtual appliance in Panorama mode to optimize log storage and report generation.
  • Legacy mode—In this mode, the Panorama virtual appliance receives and stores firewall logs without using a local Log Collector (see Deploy Panorama Virtual Appliances in Legacy Mode with Local Log Collection). By default, the virtual appliance in Legacy mode has one disk partition for all data. Approximately 11GB of the partition is allocated to log storage. If you need more local log storage, you can add one virtual disk of up to 8TB on ESXi 5.5 and later versions or on vCloud Air. Earlier ESXi versions support one virtual disk of up to 2TB. If you need more than 8TB, you can mount the virtual appliance in Legacy mode to an NFS datastore but only on the ESXi server, not in vCloud Air.
• M-Series appliance—The M-100 appliance and M-500 appliance are dedicated hardware appliances intended for large-scale deployments. In environments with high logging rates (over 10,000 logs per second) and log retention requirements, these appliances enables scaling of your log collection infrastructure. Both M-Series models share the following attributes:
  • RAID drives to store firewall logs and RAID 1 mirroring to protect against disk failures
  • SSD to store the logs that Panorama and Log Collectors generate
  • MGT, Eth1, Eth2, and Eth3 interfaces that support 1Gbps throughput
  The M-500 appliance has the following additional attributes, which make it more suitable for data centers:
  • Redundant, hot-swappable power supplies
  • Front-to-back airflow
  • Eth4 and Eth5 interfaces that support 10Gbps throughput
  You can deploy the M-Series appliances in the following modes:
  • Panorama mode—The appliance functions as a Panorama management server to manage firewalls and Dedicated Log Collectors. The appliance also supports a local Log Collector to aggregate firewall logs. Panorama mode is the default mode. For configuration details, see Deploy Panorama M-Series Appliances with Local Log Collectors.
  • Log Collector mode—The appliance functions as a Dedicated Log Collector. If multiple firewalls forward large volumes of log data, an M-Series appliance in Log Collector mode provides increased scale and performance. In this mode, the appliance has no web interface for administrative access, only a command line interface (CLI). However, you can manage the appliance using the web interface of the Panorama management server. CLI access to an M-Series appliance in Log Collector mode is necessary only for initial setup and debugging. For configuration details, see Deploy Panorama with Dedicated Log Collectors.
  The log storage capacity and maximum log collection rate varies by model and mode, as described in Table: Panorama Log Storage and Collection Rates. For more details and specifications, see the M-100 and M-500 Hardware Reference Guides.