To use Panorama for managing your firewalls,
you will need to enable a connection between the firewall and Panorama.
This connection requires that you enter the Panorama IP address on each
firewall that will be managed, and that you enter the serial number of
each firewall on Panorama.
You can only bulk import
single vsys firewalls to be managed by Panorama.
The firewall uses the Panorama server IP address to set up an SSL connection
to register with Panorama. Panorama and the firewall authenticate
each other using 2,048-bit certificates and AES-256 encrypted SSL
connections for configuration management and log collection. Prepare
Panorama and each firewall as follows:
Configure the firewall to communicate with Panorama.
Repeat this step for each firewall Panorama will manage.
Configure each data interface you plan
to use on the firewall and attach it to a security zone so that
you can push configuration and policy from Panorama.
Add the Panorama IP address to the firewall.
edit the Panorama Settings.
Enter the Panorama IP address in the first field.
Panorama issues a single IP address for
device management, log collection, reporting, and dynamic updates.
Enter the external, Internet-bound IP address to ensure Panorama
can successfully access existing and new managed devices and Log
Collectors. If an internal Panorama IP address is configured, you
may be unable to manage some devices. For example, if you install Panorama on AWS and enter the internal IP
address, Panorama is unable to manage devices or Log Collectors
outside of the AWS security group.
If you have set up a High Availability pair
in Panorama, enter the IP address of the secondary Panorama in the
Add the firewall to Panorama.
Enter the serial number for each firewall (one entry
per line) that you want to manage centrally using Panorama, and
. The Managed Devices page displays
the new firewall.
Add a
Tags make it easier for you to find a firewall from a large list;
they help you to dynamically filter and refine the list of firewalls
that display. For example, if you add a tag called branch office,
you can filter for all branch office firewalls across your network.
Select the check box beside
the firewall and click
, enter a string of up to
31 characters (no empty spaces), and click
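
The script below is an added example, not part of the original procedure or of any Palo Alto Networks tooling: a pre-flight check of the values this procedure asks you to enter (the Panorama IP address, serial numbers one per line, and tags of up to 31 characters with no spaces). The function names, the sample serial numbers, and the reading of "internal" as RFC 1918 address space are assumptions made for illustration.

```python
import ipaddress

MAX_TAG_LEN = 31  # tag length limit stated in the procedure
# Assumption: "internal" means RFC 1918 space; the page does not define it.
RFC1918 = [ipaddress.ip_network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def panorama_ip_warnings(addr):
    """Warn if the Panorama address is internal; raises ValueError if malformed."""
    ip = ipaddress.ip_address(addr.strip())
    if any(ip in net for net in RFC1918):
        return [f"{ip} is internal: devices outside that network may be unmanageable"]
    return []

def parse_serials(text):
    """Split a one-entry-per-line serial list; return (serials, problems)."""
    serials, problems, seen = [], [], set()
    for lineno, raw in enumerate(text.splitlines(), 1):
        entry = raw.strip()
        if not entry:
            continue  # blank lines are ignored
        if len(entry.split()) > 1:
            problems.append(f"line {lineno}: more than one entry on the line")
            continue
        if entry in seen:
            problems.append(f"line {lineno}: duplicate serial {entry}")
            continue
        seen.add(entry)
        serials.append(entry)
    return serials, problems

def tag_problems(tag):
    """Check a tag against the stated limits: up to 31 characters, no spaces."""
    problems = []
    if not tag:
        problems.append("tag is empty")
    if len(tag) > MAX_TAG_LEN:
        problems.append(f"tag is {len(tag)} characters, limit is {MAX_TAG_LEN}")
    if any(ch.isspace() for ch in tag):
        problems.append("tag contains whitespace")
    return problems

if __name__ == "__main__":
    # Constructed sample input, not real device data.
    sample = "SAMPLE0000001\nSAMPLE0000002 SAMPLE0000003\n\nSAMPLE0000001\n"
    print(parse_serials(sample))
    print(panorama_ip_warnings("10.0.0.5"), panorama_ip_warnings("203.0.113.10"))
    print(tag_problems("branch office"), tag_problems("branch-office"))
```

A tag written with a space, such as "branch office", fails the no-spaces check, while "branch-office" passes.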