Using PANORAMA for an MSP

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Using PANORAMA for an MSP

L3 Networker

Would anyone know if its possible to use Panorama in an MSP environment to manage clients Palo Alto Firewalls?

 

For example, setup an Azure Panorama and use that to Manage all of our clients Firewalls from that Panorama? Like clients part of different businesses/organizations.

 

If yes, any ideas or documentation that can help?

1 accepted solution

Accepted Solutions

Cyber Elite
Cyber Elite

@Schneur_Feldman,

This will work perfectly fine from a technical level, and I've helped a few people implement it where the MSP provided all of the services for the companies in question as a fully managed service. In the event that you have someone local who needs to access the device and wants to make changes, that's where this starts to falter a bit.

 

Just a couple things to think about:

  • How much are you basing your desire for Panorama on templating and not just centralized logging?
  • If you just want centralized logging, is Panorama the actual most cost effective solution?
  • How will the business recover the costs of Panorama? If you eat the costs for ease of management as part of a larger deployment that makes sense, but if you try to pass that along to the customer does your cost structure make that a customer benefit? (IE: Why should they pay you to make your life easier if there's practically no benefit for them).

 

View solution in original post

3 REPLIES 3

Community Team Member

Hi @Schneur_Feldman ,

 

I have not seen what you ask of, but I believe it would be possible to manage client firewalls as long as their networks are reachable.

 

I will ask around to see if I can provide more guidance.

LIVEcommunity team member
Stay Secure,
Jay
Don't forget to Like items if a post is helpful to you!

Please help out other users and “Accept as Solution” if a post helps solve your problem !

Read more about how and why to accept solutions.

Cyber Elite
Cyber Elite

@Schneur_Feldman,

This will work perfectly fine from a technical level, and I've helped a few people implement it where the MSP provided all of the services for the companies in question as a fully managed service. In the event that you have someone local who needs to access the device and wants to make changes, that's where this starts to falter a bit.

 

Just a couple things to think about:

  • How much are you basing your desire for Panorama on templating and not just centralized logging?
  • If you just want centralized logging, is Panorama the actual most cost effective solution?
  • How will the business recover the costs of Panorama? If you eat the costs for ease of management as part of a larger deployment that makes sense, but if you try to pass that along to the customer does your cost structure make that a customer benefit? (IE: Why should they pay you to make your life easier if there's practically no benefit for them).

 

L3 Networker

Thanks everyone! Love the insight, so what would be the best Palo Solution for centralized logging for multiple MSP clients?

 

My experience is that MSP's that have tons of Palo clients, all the firewalls are just managed locally so nobody ever knows if there are alerts that need attention. Just wondering if Palo has any solutions for this.

  • 1 accepted solution
  • 2066 Views
  • 3 replies
  • 1 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!