Panorama Sizing and Design

Showing results for 
Show  only  | Search instead for 
Did you mean: 
Community Team Member

Read about Panorama Sizing and Design in Palo Alto Networks LIVEcommunity. Learn more about device management and log collection/reporting. There are also some tips on choosing the correct Panorama deployment. Get your questions about Panorama answered on LiIVEcommunity.




The Panorama solution includes two overall functions: Device Management and Log Collection/Reporting.


Device Management includes activities such as configuration management and deployment, deployment of PAN-OS and content updates.


Log Collection includes collecting logs from one or multiple firewalls, either to a single Panorama or to a distributed log collection infrastructure. In addition to collecting logs from deployed firewalls, reports can be generated based on that log data, whether it resides locally on the Panorama, or on a distributed logging infrastructure.


The Panorama solution allows for flexibility in design by assigning these functions to different physical pieces of the management infrastructure:




Flexible Panorama DesignFlexible Panorama Design


While most current Panorama platforms have an upper limit of 1000 devices for management purposes (5000 firewalls using M-600 appliances or similarly resourced Panorama virtual appliances since PAN-OS 9.0), it is important for Panorama sizing to understand what the incoming log rate will be from all managed devices.


Read the following article on how to determine the log rate:
How to Determine Log Rate on VM Panorama or M-100 with a Log-Collector


There are three main factors when determining the amount of total storage required and how to allocate that storage via Distributed Log Collectors. These factors are:

  • Log Ingestion Requirements: The total number of logs that will be sent per second to the Panorama infrastructure.
  • Log Storage Requirements: The timeframe for which the customer needs to retain logs on the management platform. There are different driving factors for this including both policy based and regulatory compliance motivators.
  • Device Location: The physical location of the firewalls can drive the decision to place DLC appliances at remote locations based on WAN bandwidth etc.


These factors are discussed in more detail in this article :

Panorama Sizing and Design Guide


When choosing a platform for a Panorama deployment, consider the following factors.


  • Number of concurrent administrators need to be supported
  • Does the Customer have VMWare virtualization infrastructure that the security team has access to?
  • Does the customer require dual power supplies?
  • What is the estimated configuration size?
  • Will the device handle log collection as well?

Other considerations for Log Collector group design, High Availability and Log Redundancy are also discussed in much more detail in the Panorama Sizing and Design Guide.


Some insightful use case examples might be just what you need from this article as well :



Panorama Deployment Use CasePanorama Deployment Use Case


Useful links :


-Kiwi out!

Register or Sign-in