About Panorama Plugins

Panorama supports integrations with these services through the extensible plugin architecture.
Panorama supports an extensible plugin architecture that enables the integration and configuration of the following capabilities:
  • AWS
    —The AWS plugin enables you to monitor your EC2 workloads on AWS. With the plugin, you can enable communication between Panorama (running PAN-OS 8.1.3 or a later release) and your AWS VPCs so that Panorama can collect a predefined set of attributes (or metadata elements) as tags for your EC2 instances and register the information to your Palo Alto Networks firewalls. When you reference these tags in Dynamic Address Groups and match against them in Security policy rules, you can consistently enforce policy across all assets deployed within your VPCs.
  • Azure
    —The Azure plugin enables you to monitor your virtual machines on the Azure public cloud. With the plugin, you can enable communication between Panorama (running PAN-OS 8.1.6 or a later release) and your Azure subscriptions so that Panorama can collect a predefined set of attributes (or metadata elements) as tags for your Azure virtual machines and register the information to your Palo Alto Networks firewalls. When you reference these tags in Dynamic Address Groups and match against them in Security policy rules, you can consistently enforce policy across all assets deployed within VNets in your subscriptions.
  • Cisco ACI
    —The Cisco ACI plugin enables you to monitor endpoints in your Cisco ACI fabric. With the plugin, you enable communication between Panorama (8.1.6 and later) and your Cisco APIC so that Panorama can collect endpoint information as tags for your Endpoint Groups and register the information to you Palo Alto Networks firewalls. When you reference these tags in Dynamic Address Groups and match against them in Security policy rules, you can consistently enforce policy across all assets deployed within your Cisco ACI fabric.
  • Cloud Services
    —The Cloud Services plugin enables the use of the Cortex Data Lake and Prisma Access. The Cortex Data Lake solves operational logging challenges and the Prisma Access cloud service extends your security infrastructure to your remote network locations and mobile workforce.
  • GCP
    —Enables you to secure Kubernetes services in a Google Kubernetes Engine (GKE) cluster. Configure the Panorama plugin for Google Cloud Platform (GCP) to connect to your GKE cluster and learn about the services that are exposed to the internet.
  • Interconnect
    —The Interconnect plugin enables you to Manage Large-Scale Firewall Deployments. Use the Interconnect plugin to set up a two-tier Panorama deployment (on Panorama running PAN-OS 8.1.3 or a later release) for a horizontal scale-out architecture. With the Interconnect plugin, you can deploy a Panorama Controller with up to 64 Panorama Nodes or 32 Panorama HA pairs to centrally manage a large number of firewalls.
  • VMware NSX
    —The VMware NSX plugin enables integration between the VM-Series firewall on VMware NSX with VMware NSX Manager. This integration allows you to deploy the VM-Series firewall as a service on a cluster of ESXi servers.
  • VMware vCenter
    —The Panorama plugin for VMware vCenter allows you to monitor the virtual machines in your vCenter environment. The plugin retrieves IP addresses of virtual machines in your vCenter environment and converts them to tags that you can use to build policy using dynamic address groups.
Refer to the Palo Alto Networks Compatibility Matrix for details on the different plugin versions and compatibility information.

Related Documentation