This blog was written by Feroz Vellaparambil
In today’s complex digital environments, security operations face unprecedented challenges—not only in protecting networks but in managing the vast scale of data generated by firewalls. For organizations operating on-premises, handling operational scale, compliance, and data sovereignty is critical.
Panorama, Palo Alto Networks’ centralized security management solution, addresses these needs, especially when paired with dedicated Log Collectors designed for high-performance, scalable log management.
Why On-Premises Customers Choose Panorama
Panorama streamlines firewall management, enabling centralized configuration, policy deployment, monitoring, and reporting across distributed environments. With Log Collectors, organizations can:
- Ingest and process large volumes of logs without impacting management performance.
- Ensure logs remain securely within their data centers for compliance and data residency.
- Retain full operational control in regulated or sensitive industries.
The Role of Log Collectors
Logs provide critical visibility for threat detection, compliance audits, and incident response. Panorama leverages dedicated Log Collectors—available as physical M-Series appliances or Virtual appliances—to scale log ingestion separately from core management functions.
Benefits include:
- Centralized Visibility – Aggregate logs from firewalls into a unified monitoring and audit view.
- Operational Scalability – Expand log ingestion capacity by adding Log Collectors as needed.
- High Availability – Collector Groups provide redundancy to avoid data loss during failures.
- Rapid Incident Response – Index-based searches help teams analyze millions of logs efficiently.
- Data Sovereignty Compliance – Keep logs onsite to meet industry and regional data mandates.
What’s New: Scaling Optimization Coming in PAN-OS 12.1
Starting with PAN-OS version 12.1, Log Collector infrastructure will support up to 1 million logs per second (LPS) with:
- Improved throughput and performance.
- Greater reliability during peak loads.
- Enhanced scalability through optimized master node management.
Note: This 1 million LPS scalability applies exclusively to M-700 appliances.
This enables large enterprises, MSSPs, and organizations in regulated industries to handle extremely high log volumes — without sacrificing operational visibility, performance, or control.
Deployment Options
- M-700 Appliances – Purpose-built for high-performance physical deployments. Only M-700 appliances support scaling Log Collector Groups up to 1 million logs per second (LPS).
- M-300 Appliances – Designed for mid-scale physical deployments. M-300 appliances handle standard log ingestion workload.
- Virtual appliance Log Collectors – Ideal for virtualized and private cloud environments. VM-Series supports moderate-scale log collection
- Hybrid Deployments – Organizations can deploy a combination of M-700, M-300, and Virtual appliance Log Collectors to accommodate diverse infrastructure requirements. However, it's important to note that hybrid nodes cannot be part of the same Collector Group. Additionally, 1 million logs-per-second (LPS) scalability is supported exclusively on M-700 appliances.
In Summary
Panorama with Log Collectors offers:
- Centralized, scalable firewall management.
- Efficient, high-volume log ingestion and analysis.
- On-premises control for compliance and data sovereignty.
- Future-proof infrastructure scaling to handle up to 1 million LPS (with M-700 appliances).
Secure your operations at scale—without sacrificing control.
Ready to evolve your security infrastructure? Learn More About Panorama
