Home
EN
Location
Documentation Home
Palo Alto Networks
Support
Live Community
Knowledge Base
MENU
Home
Panorama
Version 8.0
Panorama Administrator's Guide
Set Up Panorama
Access and Navigate Panorama Management Interfaces
Log in to the Panorama CLI
Document:
Panorama Administrator's Guide
Log in to the Panorama CLI
Download PDF
Last Updated:
Wed Nov 24 10:44:39 PST 2021
Current Version:
8.0 (EoL)
Version 10.2
Version 10.1
Version 10.0 (EoL)
Version 9.1
Version 9.0 (EoL)
Version 8.1 (EoL)
Version 8.0 (EoL)
Version 7.1 (EoL)
Table of Contents
Search the Table of Contents
Panorama Overview
About Panorama
Panorama Models
Centralized Firewall Configuration and Update Management
Context Switch—Firewall or Panorama
Templates and Template Stacks
Device Groups
Device Group Hierarchy
Device Group Policies
Device Group Objects
Centralized Logging and Reporting
Managed Collectors and Collector Groups
Local and Distributed Log Collection
Caveats for a Collector Group with Multiple Log Collectors
Log Forwarding Options
Centralized Reporting
User-ID Redistribution Using Panorama
Role-Based Access Control
Administrative Roles
Authentication Profiles and Sequences
Access Domains
Administrative Authentication
Panorama Commit, Validation, and Preview Operations
Plan Your Panorama Deployment
Deploy Panorama: Task Overview
Set Up Panorama
Determine Panorama Log Storage Requirements
Set Up the Panorama Virtual Appliance
Setup Prerequisites for the Panorama Virtual Appliance
Install the Panorama Virtual Appliance
Install Panorama on an ESXi Server
Install Panorama on vCloud Air
Support for VMware Tools on the Panorama Virtual Appliance
Perform Initial Configuration of the Panorama Virtual Appliance
Set Up the Panorama Virtual Appliance with Local Log Collector
Expand Log Storage Capacity on the Panorama Virtual Appliance
Preserve Existing Logs When Adding Storage on Panorama Virtual Appliance in Legacy Mode
Add a Virtual Disk to Panorama on an ESXi Server
Add a Virtual Disk to Panorama on vCloud Air
Mount the Panorama ESXi Server to an NFS Datastore
Increase CPUs and Memory on the Panorama Virtual Appliance
Increase CPUs and Memory for Panorama on an ESXi Server
Increase CPUs and Memory for Panorama on vCloud Air
Complete the Panorama Virtual Appliance Setup
Set Up the M-Series Appliance
M-Series Appliance Interfaces
M-Series Setup Overview
Set Up an M-Series Appliance in Panorama Mode
Set Up an M-Series Appliance in Log Collector Mode
Perform Initial Configuration of the M-Series Appliance
Set Up the M-Series Appliance as a Log Collector
Increase Storage on the M-Series Appliance
Add Additional Drives to an M-Series Appliance
Upgrade Drives on M-Series Appliances Running Panorama 7.0.8 or a Later Release
Upgrade Drives on M-Series Appliances Running Panorama 7.0.7 or an Earlier Release
Configure Panorama to Use Multiple Interfaces
Multiple Interfaces for Network Segmentation Example
Configure Panorama for Network Segmentation
Register Panorama and Install Licenses
Register Panorama
Activate a Panorama Support License
Activate/Retrieve a Firewall Management License on the Panorama Virtual Appliance
Activate/Retrieve a Firewall Management License on the M-Series Appliance
Install Content and Software Updates for Panorama
Panorama, Log Collector, Firewall, and WildFire Version Compatibility
Install Updates for Panorama in an HA Configuration
Install Updates for Panorama with an Internet Connection
Install Updates for Panorama When Not Internet-Connected
Migrate Panorama Logs to the New Log Format
Transition to a Different Panorama Model
Migrate from a Panorama Virtual Appliance to an M-Series Appliance
Migrate from an M-Series Appliance to a Panorama Virtual Appliance
Migrate from an M-100 Appliance to an M-500 Appliance
Access and Navigate Panorama Management Interfaces
Log in to the Panorama Web Interface
Navigate the Panorama Web Interface
Log in to the Panorama CLI
Set Up Administrative Access to Panorama
Configure an Admin Role Profile
Configure an Access Domain
Configure Administrative Accounts and Authentication
Configure a Panorama Administrator Account
Configure Local or External Authentication for Panorama Administrators
Configure a Panorama Administrator with Certificate-Based Authentication for the Web Interface
Configure an Administrator with SSH Key-Based Authentication for the CLI
Configure RADIUS Authentication for Panorama Administrators
Configure TACACS+ Authentication for Panorama Administrators
Configure SAML Authentication for Panorama Administrators
Set Up Authentication Using Custom Certificates
How Are SSL/TLS Connections Mutually Authenticated?
Configure Authentication Using Custom Certificates on Panorama
Configure Authentication Using Custom Certificates on Managed Devices
Add New Client Devices
Change Certificates
Change a Server Certificate
Change a Client Certificate
Change a Root or Intermediate CA Certificate
Manage Firewalls
Add a Firewall as a Managed Device
Manage Device Groups
Add a Device Group
Create a Device Group Hierarchy
Create Objects for Use in Shared or Device Group Policy
Revert to Inherited Object Values
Manage Unused Shared Objects
Manage Precedence of Inherited Objects
Move or Clone a Policy Rule or Object to a Different Device...
Select a URL Filtering Vendor on Panorama
Must Panorama and Firewalls Have Matching URL Filtering Ven...
Change the URL Filtering Vendor on HA Panorama
Change the URL Filtering Vendor on non-HA Panorama
Migrate Panorama and HA Firewalls from BrightCloud to PAN-D...
Migrate Panorama and non-HA Firewalls from BrightCloud to P...
Push a Policy Rule to a Subset of Firewalls
Manage the Rule Hierarchy
Manage Templates and Template Stacks
Template Capabilities and Exceptions
Add a Template
Configure a Template Stack
Override a Template Setting
Disable/Remove Template Settings
Redistribute User-ID Information to Managed Firewalls
Transition a Firewall to Panorama Management
Plan the Transition to Panorama Management
Migrate a Firewall to Panorama Management
Migrate a Firewall HA Pair to Panorama Management
Load a Partial Firewall Configuration into Panorama
Use Case: Configure Firewalls Using Panorama
Device Groups in this Use Case
Templates in this Use Case
Set Up Your Centralized Configuration and Policies
Add the Managed Firewalls and Deploy Updates
Use Templates to Administer a Base Configuration
Use Device Groups to Push Policy Rules
Preview the Rules and Commit Changes
Manage Log Collection
Configure a Managed Collector
Manage Collector Groups
Configure a Collector Group
Move a Log Collector to a Different Collector Group
Remove a Firewall from a Collector Group
Configure Log Forwarding to Panorama
Verify Log Forwarding to Panorama
Modify Log Forwarding and Buffering Defaults
Configure Log Forwarding from Panorama to External Destinations
Log Collection Deployments
Deploy Panorama with Dedicated Log Collectors
Deploy Panorama M-Series Appliances with Local Log Collectors
Deploy Panorama Virtual Appliances with Local Log Collectors
Deploy Panorama Virtual Appliances in Legacy Mode with Local Log Collection
Manage WildFire Appliances
Add Standalone WildFire Appliances to Manage with Panorama
Configure Basic WildFire Appliance Settings on Panorama
Remove a WildFire Appliance from Panorama Management
Manage Licenses and Updates
Manage Licenses on Firewalls Using Panorama
Deploy Updates to Firewalls, Log Collectors, and WildFire Appliances Using Panorama
Supported Updates
Schedule a Content Update Using Panorama
Deploy an Update to Log Collectors when Panorama is Internet-connected
Deploy an Update to Log Collectors when Panorama is not Internet-connected
Deploy an Update to Firewalls when Panorama is Internet-connected
Deploy an Update to Firewalls when Panorama is not Internet-connected
Monitor Network Activity
Use Panorama for Visibility
Monitor the Network with the ACC and AppScope
Analyze Log Data
Generate, Schedule, and Email Reports
Ingest Traps ESM Logs on Panorama
Use Case: Monitor Applications Using Panorama
Use Case: Respond to an Incident Using Panorama
Incident Notification
Review the Widgets in the ACC
Review Threat Logs
Review WildFire Logs
Review Data Filtering Logs
Update Security Rules
Panorama High Availability
Panorama HA Prerequisites
Priority and Failover on Panorama in HA
Failover Triggers
HA Heartbeat Polling and Hello Messages
HA Path Monitoring
Logging Considerations in Panorama HA
Logging Failover on a Panorama Virtual Appliance in Legacy Mode
Logging Failover on an M-Series Appliance or Panorama Virtual Appliance in Panorama Mode
Synchronization Between Panorama HA Peers
Manage a Panorama HA Pair
Set Up HA on Panorama
Set Up Authentication Using Custom Certificates Between HA Peers
Test Panorama HA Failover
Switch Priority after Panorama Failover to Resume NFS Logging
Restore the Primary Panorama to the Active State
Administer Panorama
Preview, Validate, or Commit Configuration Changes
Manage Panorama and Firewall Configuration Backups
Schedule Export of Configuration Files
Save and Export Panorama and Firewall Configurations
Revert Panorama Configuration Changes
Configure the Maximum Number of Configuration Backups on Panorama
Load a Configuration Backup on a Managed Firewall
Compare Changes in Panorama Configurations
Manage Locks for Restricting Configuration Changes
Add Custom Logos to Panorama
Use the Panorama Task Manager
Manage Storage Quotas and Expiration Periods for Logs and Reports
Log and Report Storage
Log and Report Expiration Periods
Configure Storage Quotas and Expiration Periods for Logs and Reports
Configure the Run Time for Panorama Reports
Monitor Panorama
Panorama System and Configuration Logs
Monitor Panorama and Log Collector Statistics Using SNMP
Reboot or Shut Down Panorama
Configure Panorama Password Profiles and Complexity
Troubleshooting
Troubleshoot Panorama System Issues
Generate Diagnostic Files for Panorama
Diagnose Panorama Suspended State
Monitor the File System Integrity Check
Manage Panorama Storage for Software and Content Updates
Recover from Split Brain in Panorama HA Deployments
Troubleshoot Log Storage and Connection Issues
Verify Panorama Port Usage
Resolve Zero Log Storage for a Collector Group
Replace a Failed Disk on an M-Series Appliance
Replace the Virtual Disk on an ESXi Server
Replace the Virtual Disk on vCloud Air
Migrate Logs to a New M-Series Appliance in Log Collector M...
Migrate Logs to a New M-Series Appliance in Panorama Mode
Migrate Logs to a New M-Series Appliance Model in Panorama Mode in High Availability
Migrate Logs to the Same M-Series Appliance Model in Panorama Mode in High Availability
Migrate Log Collectors after Failure/RMA of Non-HA Panorama
Regenerate Metadata for M-Series Appliance RAID Pairs
Replace an RMA Firewall
Partial Device State Generation for Firewalls
Before Starting RMA Firewall Replacement
Restore the Firewall Configuration after Replacement
Troubleshoot Commit Failures
Troubleshoot Registration or Serial Number Errors
Troubleshoot Reporting Errors
View Task Success or Failure Status
Downgrade from Panorama 8.0
Panorama Overview
About Panorama
Panorama Models
Centralized Firewall Configuration and Update Management
Context Switch—Firewall or Panorama
Templates and Template Stacks
Device Groups
Device Group Hierarchy
Device Group Policies
Device Group Objects
Centralized Logging and Reporting
Managed Collectors and Collector Groups
Local and Distributed Log Collection
Caveats for a Collector Group with Multiple Log Collectors
Log Forwarding Options
Centralized Reporting
User-ID Redistribution Using Panorama
Role-Based Access Control
Administrative Roles
Authentication Profiles and Sequences
Access Domains
Administrative A
