Panorama Models

Panorama is available as one of the following virtual or physical appliances, each of which supports licenses for managing up to 25, 100, or 1,000 firewalls:
  • Panorama virtual appliance
    —This model provides simple installation and facilitates server consolidation for sites that need a virtual management appliance. You can install Panorama on Amazon Web Services (AWS), AWS GovCloud, Microsoft Azure, Google Cloud Platform (GCP), KVM, Hyper-V, a VMware ESXi server, or on VMware vCloud Air. The virtual appliance can collect firewall logs locally at rates of up to 10,000 logs per second and can manage Dedicated Log Collectors for higher logging rates. The virtual appliance can function as a dedicated management server, a Panorama management server with local log collection capabilities, or as a Dedicated Log Collector. For the supported interfaces, log storage capacity, and maximum log collection rates, see Interface Support and Logging Rates on the Panorama Virtual Appliance. You can deploy the virtual appliance in the following modes:
    • Panorama mode
      —In this mode, the Panorama virtual appliance supports a local Log Collector with 1 to 12 virtual logging disks (see Deploy Panorama Virtual Appliances with Local Log Collectors). Each logging disk has 2TB of storage capacity for a total maximum of 24TB on a single virtual appliance and 48TB on a high availability (HA) pair. Only Panorama mode enables you to add multiple virtual logging disks without losing logs on existing disks. Panorama mode also provides the benefit of faster report generation. In Panorama mode, the virtual appliance does not support NFS storage.
      As a best practice, deploy the virtual appliance in Panorama mode to optimize log storage and report generation.
    • Legacy mode
      (
      ESXi and vCloud Air only
      )—In this mode, the Panorama virtual appliance receives and stores firewall logs without using a local Log Collector (see Deploy Panorama Virtual Appliances in Legacy Mode with Local Log Collection). By default, the virtual appliance in Legacy mode has one disk partition for all data. Approximately 11GB of the partition is allocated to log storage. If you need more local log storage, you can add one virtual disk of up to 8TB on ESXi 5.5 and later versions or on vCloud Air. Earlier ESXi versions support one virtual disk of up to 2TB. If you need more than 8TB, you can mount the virtual appliance in Legacy mode to an NFS datastore but only on the ESXi server, not on vCloud Air. This mode is only available if your Panorama virtual appliance is in Legacy mode on upgrade to PAN-OS 8.1. On upgrade to PAN-OS 8.1, Legacy mode is no longer available if you change to any other mode. If you change your Panorama virtual appliance from Legacy mode to one of the available modes, you will no longer be able to change back into Legacy mode.
    • Management Only mode
      —In this mode, the Panorama virtual appliance is a dedicated management appliance for your managed devices and Dedicated Log Collectors, and in this mode, an appropriately resourced Panorama virtual appliance can manage up to 5,000 firewalls. The Panorama virtual appliance has no log collection capabilities except for config and system logs and your deployment requires a Dedicated Log Collector to store these logs. By default, the virtual appliance in Management Only mode has only disk partition for all data so all logs forwarded to a Panorama virtual appliance in Management Only mode are dropped. Therefore, to store the log data from your managed appliances, you must configure log forwarding.
    • Log Collector mode
      —The Panorama virtual appliance functions as a Dedicated Log Collector. If multiple firewalls forward large volumes of log data, a Panorama virtual appliance in Log Collector mode provides increased scale and performance. In this mode, the appliance does not have a web interface for administrative access; it has only a command line interface (CLI). However, you can manage the appliance using the web interface of the Panorama management server. CLI access to a Panorama virtual appliance in Log Collector mode is necessary only for initial setup and debugging. For configuration details, see Deploy Panorama with Dedicated Log Collectors.
  • M-Series appliance
    —The M-100, M-200, M-500, and M-600 appliances are dedicated hardware appliances intended for large-scale deployments. In environments with high logging rates (over 10,000 logs per second) and log retention requirements, these appliances enable scaling of your log collection infrastructure. For the supported interfaces, log storage capacity, and maximum log collection rates, see Interface Support and Logging Rates on the M-Series Appliance. All M-Series models share the following attributes:
    • RAID drives to store firewall logs and RAID 1 mirroring to protect against disk failures
    • SSD to store the logs that Panorama and Log Collectors generate
    • MGT, Eth1, Eth2, and Eth3 interfaces that support 1Gbps throughput
    • Redundant, hot-swappable power supplies (except for the M-100 appliance)
    • front-to-back airflow
    The M-600 and M-500 appliances have the following additional attributes, which make them more suitable for data centers:
    • Eth4 and Eth5 interfaces that support 10Gbps throughput
    You can deploy the M-Series appliances in the following modes:
    • Panorama mode
      —The appliance functions as a Panorama management server to manage firewalls and Dedicated Log Collectors. The appliance also supports a local Log Collector to aggregate firewall logs. Panorama mode is the default mode. For configuration details, see Deploy Panorama M-Series Appliances with Local Log Collectors.
    • Management Only mode
      —The Panorama appliance is a dedicated management appliance for your managed devices and Dedicated Log Collectors. The Panorama appliance has no log collection capabilities except for config and system logs and your deployment requires a Dedicated Log Collector to store logs. By default, the Panorama appliance in Management Only mode has only one disk partition for all data so all logs forwarded to a Panorama virtual appliance in Management Only mode are dropped. Therefore, to store the log data from your managed appliances, you must configure log forwarding in order to store the log data from your managed devices.
    • Log Collector mode
      —The appliance functions as a Dedicated Log Collector. If multiple firewalls forward large volumes of log data, an M-Series appliance in Log Collector mode provides increased scale and performance. In this mode, the appliance does not have a web interface for administrative access; it has only a command line interface (CLI). However, you can manage the appliance using the web interface of the Panorama management server. CLI access to an M-Series appliance in Log Collector mode is necessary only for initial setup and debugging. For configuration details, see Deploy Panorama with Dedicated Log Collectors.
    For more details and specifications for the M-Series appliances, see the M-Series Appliance Hardware Reference Guides.

Related Documentation