
This section will cover the information needed to properly size and deploy Panorama logging infrastructure to support customer requirements.

There are three main factors when determining the amount of total storage required and how to allocate that storage via Distributed Log Collectors:

Log Ingestion Requirements: This is the total number of logs that will be sent per second to the Panorama infrastructure.

Log Storage Requirements: This is the timeframe for which the customer needs to retain logs on the management platform. There are different driving factors for this, including both policy-based and regulatory compliance motivators.

Device Location: The physical location of the firewalls can drive the decision to place DLC appliances at remote locations based on WAN bandwidth etc.

Each of these factors is discussed in the sections below.

Group A contains two log collectors and receives logs from three standalone firewalls. Group B consists of a single collector and receives logs from a pair of firewalls in an Active/Passive high availability (HA) configuration. Group C contains two log collectors as well, and receives logs from two HA pairs of firewalls.

The number of log collectors in any given location is dependent on a number of factors. The design considerations are covered below.

As of PAN-OS 8.1, any platform can be configured not only as a dedicated manager, but also as a dedicated log collector. Please reference the following techdoc, Admin Guide: Setup The Panorama Virtual Appliance as a Log Collector, for further details.

While all current Panorama platforms have an upper limit of 1000 devices for management purposes (5000 firewalls using a single or M-600 since PAN-OS 9.0), it is important for Panorama sizing to understand what the incoming log rate will be from all managed devices. To start with, take an inventory of the total firewall appliances that will be managed by Panorama. Use the following spreadsheet to take an inventory of your devices that need to store logs:

Read the following article on how to determine the log rate for yourself: How to Determine Log Rate on VM Panorama or M-100 with a Log-Collector

For example, device management may be performed from a VM Panorama, while the firewalls forward their logs to colocated dedicated log collectors:

In the example above, the device management function and reporting are performed on a VM Panorama appliance.

The Panorama solution is comprised of two overall functions: Device Management and Log Collection/Reporting. A brief overview of these two main functions follows:

Device Management: This includes activities such as configuration management and deployment, and deployment of PAN-OS and content updates.

Log Collection: This includes collecting logs from one or multiple firewalls, either to a single Panorama or to a distributed log collection infrastructure. In addition to collecting logs from deployed firewalls, reports can be generated based on that log data whether it resides locally to the Panorama (e.g. single M-series or VM appliance) or on a distributed logging infrastructure.

The Panorama solution allows for flexibility in design by assigning these functions to different physical pieces of the management infrastructure.
