This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences

How many log collectors can Panorama managed?

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements

How many log collectors can Panorama managed?

darrenchew
L1 Bithead

‎08-16-2022 08:39 PM

Hi Good day. Have some question wrt log collector.

 

Does anyone know how many log collectors can a pair of HA Panorama manage? 

We have a customer who wants log collector to be distributed or the same location as the branch NGFW.

They will be roughly 500+ branches and each with one unit of PA400 series. They want to have a dedicated log collector in each branch location to have high retention days storage. Means there will be 500+ NGFW and 400+ DLC that 1 pair of HA Panorama need to manage. Can this be supported? Thank you in advance.

0 Likes Likes
1 REPLY 1

PavelK
Cyber Elite
Cyber Elite

‎08-18-2022 06:23 PM

Thanks for the post @darrenchew

 

since the latency between log collectors inside the same log collector group should be under 10 ms (Reference: https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000CmUnCAK) and taking into consideration that all log collectors will be geographically separated over WAN, this leaves the only option to place each log collector into own log collector group. While documentation states that a collector group can have up to 16 log collectors, it does not say how many log collector groups are supported and total number log collectors that can be registered. I spent some time to search this information, but unfortunately I could not find it anywhere and have not found a reliable way to verify it.

 

The scenario you described to have a log collector paired with each Firewall in branch site is non-standard design. To be honest, I think it is better to get a help from Palo Alto Professional Service to go over this design. I doubt that anybody in this community can give you any commitment on this setup. If your customer has enough budget to purchase 400+ log collectors, adding Professional Service should not make much difference 🙂

 

I am wondering, is there any reason why customer does not want to use Cortex Data Lake: https://docs.paloaltonetworks.com/cortex/cortex-data-lake/cortex-data-lake-getting-started/get-start...  or why not centralize all log collectors in single or multiple Data Centers?

 

Kind Regards

Pavel

Help the community: Like helpful comments and mark solutions.
  • 1615 Views
  • 1 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!

LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2024 - Palo Alto Networks