Configure Panorama to Use Multiple Interfaces

In a large-scale network, you can improve security and reduce congestion by implementing network segmentation, which involves segregating the subnetworks based on resource usage, user roles, and security requirements. Panorama supports network segmentation by enabling you to use multiple M-Series Appliance Interfaces for managing devices (firewalls, Log Collectors, and WildFire appliances and appliance clusters) and collecting logs; you can assign separate interfaces to the devices on separate subnetworks. Using multiple interfaces to collect logs also provides the benefit of load balancing, which is particularly useful in environments where the firewalls forward logs at high rates to the Log Collectors.
Because administrators access and manage Panorama over the MGT interface, securing that interface is especially important. One method for improving the security of the MGT interface is to offload Panorama services to other interfaces. In addition to device management and log collection, you can also offload Collector Group communication and deployment of software and content updates to firewalls, Log Collectors, and WildFire appliances and appliance clusters. By offloading these services, you can reserve the MGT interface for administrative traffic and assign it to a secure subnetwork that is segregated from the subnetworks where your firewalls, Log Collectors, and WildFire appliances and appliance clusters reside.

Related Documentation