About Panorama Plugins

Panorama supports integrations with these services through the extensible plugin architecture.
Panorama supports an extensible plugin architecture that enables the integration and configuration of the following capabilities:
  • AWS
    —The AWS plugin enables you to monitor your EC2 workloads on AWS. With the plugin, you can enable communication between Panorama (running PAN-OS 8.1.3 or a later release) and your AWS VPCs so that Panorama can collect a predefined set of attributes (or metadata elements) as tags for your EC2 instances and register the information to your Palo Alto Networks firewalls. When you reference these tags in Dynamic Address Groups and match against them in Security policy rules, you can consistently enforce policy across all assets deployed within your VPCs.
  • Azure
    —The Azure plugin enables you to monitor your virtual machines on the Azure public cloud. With the plugin, you can enable communication between Panorama (running PAN-OS 8.1.6 or a later release) and your Azure subscriptions so that Panorama can collect a predefined set of attributes (or metadata elements) as tags for your Azure virtual machines and register the information to your Palo Alto Networks firewalls. When you reference these tags in Dynamic Address Groups and match against them in Security policy rules, you can consistently enforce policy across all assets deployed within VNets in your subscriptions.
  • Cisco ACI
    —The Cisco ACI plugin enables you to monitor endpoints in your Cisco ACI fabric. With the plugin, you enable communication between Panorama (8.1.6 and later) and your Cisco APIC so that Panorama can collect endpoint information as tags for your Endpoint Groups and register the information to you Palo Alto Networks firewalls. When you reference these tags in Dynamic Address Groups and match against them in Security policy rules, you can consistently enforce policy across all assets deployed within your Cisco ACI fabric.
  • Cisco TrustSec
    —The Cisco TrustSec Plugin enables monitoring of endpoints in your Cisco TrustSec environment. With the plugin, you enable communication between Panorama and your Cisco pxGrid server so that Panorama can collect endpoint information as tags for your enpoints and register the information to you Palo Alto Networks firewalls. When you reference these tags in Dynamic Address Groups and match against them in security policy rules, you can consistently enforce policy across all assets deployed within your Cisco TrustSec environment.
  • Cloud Services
    —The Cloud Services plugin enables the use of the Cortex Data Lake and Prisma Access. The Cortex Data Lake solves operational logging challenges and the Prisma Access cloud service extends your security infrastructure to your remote network locations and mobile workforce.
  • GCP
    —Enables you to secure Kubernetes services in a Google Kubernetes Engine (GKE) cluster. Configure the Panorama plugin for Google Cloud Platform (GCP) to connect to your GKE cluster and learn about the services that are exposed to the internet.
  • Nutanix
    —The Panorama plugin for Nutanix enables VM monitoring in your Nutanix environment. It allows you to track the virtual machine inventory within your Nutanix Prism Central so that you can consistently enforce security policy that automatically adapts to changes within your Nutanix environment. As virtual machines are provisioned, de-provisioned or moved, this solution allows you to collect the IP addresses and associated sets of attributes (or metadata elements) as tags. You can then use the tags to define Dynamic Address Groups and use them in Security policy. The Panorama plugin for Nutanix requires Panorama 9.0.4 or later.
  • Interconnect
    —The Interconnect plugin enables you to Manage Large-Scale Firewall Deployments. Use the Interconnect plugin to set up a two-tier Panorama deployment (on Panorama running PAN-OS 8.1.3 or a later release) for a horizontal scale-out architecture. With the Interconnect plugin, you can deploy a Panorama Controller with up to 64 Panorama Nodes or 32 Panorama HA pairs to centrally manage a large number of firewalls.
  • VMware NSX
    —The VMware NSX plugin enables integration between the VM-Series firewall on VMware NSX with VMware NSX Manager. This integration allows you to deploy the VM-Series firewall as a service on a cluster of ESXi servers.
  • VMware vCenter
    —The Panorama plugin for VMware vCenter allows you to monitor the virtual machines in your vCenter environment. The plugin retrieves IP addresses of virtual machines in your vCenter environment and converts them to tags that you can use to build policy using dynamic address groups.
Refer to the Palo Alto Networks Compatibility Matrix for details on the different plugin versions and compatibility information.

Recommended For You