10-30-2012 03:07 AM
Hi All,
I have some questions about panorama and paloalto fw connection that wantna confirm.
1.How many bandwidth are needed between panorama and paloalto fw connection , even they are not in same location ? any suggest?
2.Maximum logs received on panorama from paloalto fw every second? if over it, is there any notify can be seen on panorama or paloalto fw?
Thanks,
Joy
10-30-2012 12:11 PM
That depends on which devices are being used (PA-200 will not be able to log as many rows as PA-5060) and also what you are logging (for example if you disable logging of rows which allow web-browsing or such).
I think I saw on this forum someone doing a PoC where a PA-4020 was involved and that device (if I remember correctly) started to get on its knees in the mgmtplane when it had to deal with 7000 logentries/sec.
So if we take that number and assume worst case that each logentry takes a full 1500 bytes packet then you would need up to (roughly):
7000 * 1500 * 8 = 84 000 000 bit/s.
Also im not sure if Panorama can "tail" the logs of a PA or if it will miss logs if there are not enough bandwidth (because with tailing you will just get latency when you watch the logs in panorama and the bandwidth between Panorama and PA hit the roof).
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
