- Access exclusive content
- Connect with peers
- Share your expertise
- Find support resources
11-18-2019 08:23 PM - edited 11-18-2019 09:22 PM
Hi,
Currently Panorama is in Legacy mode, there 5 devices connected to it, 2 in 2 data centres, one at an office. Templates are configured and synced across devices including device specific templates (like configs and other device management configs). However due to the logging limitations we need to change to Panorama mode. The other temporary alternative of course is to upgrade the disk to 8TB but there is some work to doing this to and I am just thinking it might be better to just bite the bullet and move out of legacy even if it is slightly harder work than resizing the disk.
I am trying to find Palo documentation on how to do this or some documentation on the path in which to take to do this but I have not found any. If anyone knows the possible routes to take to do this kind of change or documentation/posts where it has been described I would be very grateful to know about them.
Thanks,
11-18-2019 09:24 PM
Converting a VM to “Panorama” mode mandates meeting the minimum resource requirements:
RAM: 16 GB
Cores: 8
Cloning disk: 81 GB
Storage disks: 2 TB.
Failure to meet this requirement prevents from changing the mode from “legacy” to “panorama”, and the VM defaults to “legacy” mode operation.
Below are the steps we followed to convert our Panorama 8.0.14 from “legacy” mode to “panorama” mode using only the system disk and no virtual logging disk.
Step 1: Issue CLI command (request system system-mode panorama) - This will advise new requirements for Memory, vCPU’s, system disk size.
Step2: Power off Panorama VM.
Step3: Edit Settings and increase memory/vCPU and attach new system disk(SCSI Virtual Device Node).
Step4: Power on Panorama VM.
Step5: Issue CLI command (request system clone-system-disk target sdb).
Step6: Power off Panorama VM.
Step7: Edit Settings and remove original system disk.
Step8: Select the new system disk (Virtual Device Node to SCSI (0:0)).
Step9: Power on Panorama VM.
Step10: Issue CLI command (request system system-mode panorama).
Additional reference link:
https://www.paloaltonetworks.com/documentation/80/panorama/panorama_adminguide/set-up-panorama/set-u...
https://live.paloaltonetworks.com/t5/General-Topics/Panorama-VM-upgrade-to-PANOS-8-0-x-amp-switch-mo...
11-18-2019 09:49 PM
Hey Farzana!
Mate, thanks for jumping in here to help.
I see this is for version 8.0,xx , however we are currently running on 9.0.4 with Panorama. Also to confirm will there be any loss of data following this mode change process such as logging or templates?
Thanks,
11-18-2019 10:04 PM - last edited on 10-27-2020 01:04 PM by jdelio
No problem @DanielBostock
It should work for that version as well.
There were some issues we faced with latency in logging, Or Panorama being sluggish during the upgrade.
In Legacy mode, panorama VM itself cannot act as a local log collector in a collector group.
Panorama it can be configured to manage other dedicated log collectors (M series) in a collector group.and you need to make sure if proper resources are defined based on the number of firewalls being managed.
You can use legacy mode for managing firewalls from panorama. But On panorama mode receiving the log is faster than legacy mode. On legacy mode they have some latency in logging on panorama.
> The major difference in these modes is that Panorama supports a local log collector with 1 to 12 virtual disks. More details here: https://docs.paloaltonetworks.com/panorama/9-0/panorama-admin/panorama-overview/panorama-models.html...
If you want to convert from legacy mode to panorama mode then please follow below document
https://docs.paloaltonetworks.com/panorama/9-0/panorama-admin/set-up-panorama/set-up-the-panorama-vi...
11-18-2019 10:12 PM
@FarzanaMustafa - Thanks greatly for all this info mate, I will get onto it this week and do all the necessary steps as per documentation.
11-18-2019 10:44 PM
If you want to convert from legacy mode to panorama mode then please follow below document
https://www.paloaltonetworks.com/documentation/80/panorama/panorama_adminguide/set-up-panorama/set-u...
Hey mate,
This link does not take me to the document, it potentially has been removed, deprecated or maybe renamed?
Thanks,
11-19-2019 03:41 PM
Sorry @DanielBostock they were from 8.0 so not there anymore.
Below are the active links.
https://docs.paloaltonetworks.com/panorama/9-0/panorama-admin/panorama-overview/panorama-models
11-19-2019 03:42 PM
@FarzanaMustafa - love ya work mate, thanks heaps again!
11-20-2019 03:56 PM
Hey @FarzanaMustafa - just double checking the document in the first link thats the process for changing Panorama to Log Collector mode. Is there a guide on switching it to Panorama Mode like the older legacy one for 8.0?
Also it would be helpful to know what are the roll back options or ways to ensure a roll back if we completely balls up the upgrade to Panorama mode.
11-20-2019 04:33 PM
These two commands will help.
from Legacy mode to Panorama mode.
> request system system-mode panorama
from Panorama mode to Legacy mode.
> request system system-mode legacy
More details on the link below.
03-18-2021 04:56 AM
quick question, when you change an active M500 in panorama mode which has a pair of external LC's configured and ALL firewalls send to those LC's (they are 3 Collector groups configured) and you hit the command - request system system-mode management-only will it then stop the Panorama in MGMT mode to stop retrieving logs from the LC to view them in the monitor tab?
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!