I think Panorama is useful and I like using it, but it took me some time to adjust my perception of things so I understood what's going on. The things that gave me the biggest difficulty with Panorama were the following: 1) What exactly shared objects are and how they relate to the devices. While it's listed in documentation, you don't really understand the shared resource thing until you actually deploy it and get hammered with error messages because you've defined duplicate named objects,services, etc on the devices. That's when I discovered that for us the best way to handle it was to build ALL of the objects, services, etc on Panorama and push it to devices whether they needed them or not. 2) Realizing that all because Panorama is a centralized management platform, doesn't mean that everything is centralized by default. For example, by building the policies on Panorama, I assumed that the logs would automatically be sent to Panorama. NOPE. You have to manually configure the rules to be sent to Panorama. In retrospect, it makes sense now, but in the beginning you just assume that a centralized management platform will do things like that behind the scenes. I do think that its greatest strength is being a centralized POLICY and LOGGING platform rather than a DEVICE MANAGEMENT platform. Normally I NEVER switch to a device context in Panorama. I usually just log into the devices directly to make the configuration changes. But that still doesn't diminish my opinion of Panorama.
... View more