Plan Your Panorama Interconnect Deployment
Expand all | Collapse all
Plan Your Panorama Interconnect Deployment
Checklist for preparing your Panorama™ management servers
for the Panorama Interconnect plugin installation and deployment.
To successfully deploy the Panorama™ Interconnect plugin
on your Panorama management servers:
Verify that your Panoramas
and managed firewalls meet the minimum resource requirements and
that your firewalls are single-vsys firewalls.
Configuration
management is centralized to the Panorama Controller and replicated
to all Panorama Nodes managed by the Panorama Controller. Make sure that
this configuration is simple, compact, and largely identical across
all the Panorama Nodes.
Interconnect supports centralized
configuration based on device groups and templates which includes
objects, policies, firewall, and network configuration. Incremental
functionality added by Panorama Integration plugins such as NSX, SD-WAN,
and Prisma Access are not supported in a Panorama Interconnect deployment.
When designing your
device group and
template stack hierarchies, consider
the ordering of child device groups and templates within the template stack and
be mindful of where specific configuration objects and policy rules are created.
This is important to ensure the correct configurations are pushed to your
Panorama Nodes.
If you want to target specific firewalls managed by a Panorama Node, specify the
Devices in the
child device group and not the parent
device group in the device group hierarchy. This is required to push device
group configurations to specific firewalls managed by a Panorama node.
-
To target specific firewalls P
Deploying Panorama
Interconnect on a Panorama Controller or Panorama Node in Panorama
mode with local log collection may result in decreased performance
due to high resource demand for management processes and log collection
processes.
Deploy one or more Dedicated Log Collectors for log collection.
See
Set Up Panorama for more
information on log storage requirements and procedures deploying
a Panorama management server in Log Collection mode.
Logs
and report generation are only available from the Panorama Nodes.
Ensure that the Panorama Controller and all Panorama Nodes
are in Operational mode before installing the plugin. The Panorama
Interconnect plugin does not support Panorama management servers
in FIPS mode, and may cause the Panorama management server to be
come unresponsive.
Enable HTTPS access on the Panorama Controller, Panorama
Nodes and managed firewalls so you can
log in to the Panorama web interface and
firewall web interfaces. Panorama Interconnect does not support
CLI and API access.