Overview of the Panorama™ Interconnect plugin.
When you have homogeneous configurations across a large number of firewalls that exceed the management capacity of a single Panorama instance, or if you have deployed multiple Panorama™ management servers, you can use the Interconnect plugin on Panorama to reduce the operational burden. The Interconnect plugin allows you to set up a Panorama Controller that manages up to 64 Panorama Nodes, so that you can streamline common configuration and policies across Panorama appliances and the managed firewalls on your network. For example, you can set up the Panorama Controller as the central point for managing both the Panorama specific configuration such as admin roles on the Panorama Nodes, and all the common template stack and device group configurations that you push to the Panorama Nodes for managing all the firewalls. The following figure illustrates the Panorama Interconnect hierarchy, where the Panorama Controller manages multiple Panorama Nodes, which in turn manage multiple devices.
The following figure displays an example of a Panorama Interconnect
Setuppage for a Panorama Controller and a Panorama Node once they have been successfully configured.
The following tasks must be completed to set up the Panorama Interconnect plugin:
This includes installing and activating licenses, and registering the Panorama management server.
The Panorama management servers and firewalls must meet the system and operational requirements in order to successfully deploy Panorama Interconnect.
Generate or import a Certificate Authority and issue certificates for the Nodes, and configure a certificate profile, to secure communication between the Panorama Controller and Panorama Nodes.
Download, install, and set up the Panorama Interconnect plugin on the Panorama Controller and Panorama Nodes.
Push the Panorama-specific configuration, as well as the template stack and device group configurations, from the Panorama Controller to the Panorama Nodes.
Add one or more firewalls and push the synchronized configuration from the Panorama Node to the managed devices.