How many log collectors can Panorama manage?


L1 Bithead

Hi, good day. I have a question wrt log collectors.

 

Does anyone know how many log collectors can a pair of HA Panorama manage? 

We have a customer who wants the log collectors to be distributed, or in the same location as the branch NGFW.

There will be roughly 500+ branches, each with one unit of PA400 series. They want to have a dedicated log collector in each branch location to have high retention days storage. This means there will be 500+ NGFWs and 400+ DLCs that 1 pair of HA Panorama needs to manage. Can this be supported? Thank you in advance.

Cyber Elite

Thanks for the post @darrenchew

 

Since the latency between log collectors inside the same log collector group should be under 10 ms (Reference: https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000CmUnCAK), and taking into consideration that all log collectors will be geographically separated over WAN, this leaves the only option of placing each log collector into its own log collector group. While the documentation states that a collector group can have up to 16 log collectors, it does not say how many log collector groups are supported or the total number of log collectors that can be registered. I spent some time searching for this information, but unfortunately I could not find it anywhere and have not found a reliable way to verify it.

 

The scenario you described, having a log collector paired with each Firewall in a branch site, is a non-standard design. To be honest, I think it is better to get help from Palo Alto Professional Service to go over this design. I doubt that anybody in this community can give you any commitment on this setup. If your customer has enough budget to purchase 400+ log collectors, adding Professional Service should not make much difference 🙂

 

I am wondering, is there any reason why the customer does not want to use Cortex Data Lake: https://docs.paloaltonetworks.com/cortex/cortex-data-lake/cortex-data-lake-getting-started/get-start... or why not centralize all log collectors in a single or multiple Data Centers?

 

Kind Regards

Pavel
