on 02-28-201902:31 AM - last edited on 03-15-201902:54 PM by ploera
Read about Panorama Sizing and Design in Palo Alto Networks Live Community's newest blog. Learn more about device management and log collection/reporting. There are also some tips on choosing the correct Panorama deployment. Get your questions about Panorama answered on Live Community.
The Panorama solution includes two overall functions: Device Management and Log Collection/Reporting.
Device Management includes activities such as configuration management and deployment, deployment of PAN-OS and content updates.
Log Collection includes collecting logs from one or multiple firewalls, either to a single Panorama or to a distributed log collection infrastructure. In addition to collecting logs from deployed firewalls, reports can be generated based on that log data, whether it resides locally on the Panorama, or on a distributed logging infrastructure.
The Panorama solution allows for flexibility in design by assigning these functions to different physical pieces of the management infrastructure:
Flexible Panorama Design
While most current Panorama platforms have an upper limit of 1000 devices for management purposes (5000 firewalls using M-600 appliances or similarly resourced Panorama virtual appliances since PAN-OS 9.0), it is important for Panorama sizing to understand what the incoming log rate will be from all managed devices.
There are three main factors when determining the amount of total storage required and how to allocate that storage via Distributed Log Collectors. These factors are:
Log Ingestion Requirements: The total number of logs that will be sent per second to the Panorama infrastructure.
Log Storage Requirements: The timeframe for which the customer needs to retain logs on the management platform. There are different driving factors for this including both policy based and regulatory compliance motivators.
Device Location: The physical location of the firewalls can drive the decision to place DLC appliances at remote locations based on WAN bandwidth etc.
These factors are discussed in more detail in this article :