Panorama Features
New Panorama Features: Description
Logging Service (PAN-OS 8.0.5 and later releases): The new logging service is a cloud-based service that is designed to collect and store large amounts of log data to solve your operational logging challenges. Palo Alto Networks provides the required infrastructure with scalable storage and compute that seamlessly integrates with your existing Panorama. You can continue to use your on-premise Log Collectors where they exist, or complement your logging infrastructure with this cloud-based service to which your Next-Generation Firewalls and GlobalProtect™ cloud service can directly send logs. Regardless of where the data is collected, Panorama will provide unparalleled network and threat visibility to help you prevent attacks.
Log Query Acceleration: Panorama has an improved log query and reporting engine to enable a significant improvement in speed when generating reports and executing queries. All logs generated after the upgrade to PAN-OS 8.0 automatically take advantage of the improved query processing architecture. With this enhancement, the logging rate on the M-Series appliance is lower than in previous Panorama releases. For maximum logging rates, see Panorama Models. To extend the performance improvements for older logs, you can migrate the logs to the new format.
Logging Enhancements on the Panorama Virtual Appliance: You can now create a Log Collector that runs locally on the Panorama virtual appliance. Because the local Log Collector supports multiple virtual logging disks, you can increase log storage as needed while preserving existing logs. You can increase log storage to a maximum of 24TB for a single Panorama and up to 48TB for a high availability pair. Using a local Log Collector also enables faster report generation (see Log Query Acceleration).
Increased Log Storage Capacity: To provide adequate disk space for a longer log retention period, you can increase the log storage capacity on the M-500 appliance and Panorama virtual appliance to 24TB (formerly 8TB). The M-500 appliance now supports 2TB disks and up to 12 RAID disk pairs (formerly 1TB * 8 RAID disk pairs). In addition, the Panorama virtual appliance now supports a local Log Collector with up to 24TB of virtual disk space (see Logging Enhancements on the Panorama Virtual Appliance).
Traps Logs on Panorama: Panorama can now ingest Traps logs sent by the Traps Endpoint Security Manager using syslog over UDP, TCP, or SSL so that you can monitor security events relating to protected processes and executable files on Traps-protected endpoints. You can filter on any log attribute and answer day-to-day operational questions such as, “How many different prevention events did a specific user trigger?” The ability to see Traps logs in the same context as the firewall logs allows you to correlate discrete activity observed on the network and the endpoints. Correlated events help you see the overall picture across your network and the endpoints so that you can detect any risks that evade detection or take advantage of blind spots, and strengthen your security posture well before any damage occurs.
Extensible Plugin Architecture: Panorama now supports a plug-in architecture to enable new third-party integrations or updates to existing integrations (such as the VMware NSX integration) outside of a new PAN-OS feature release. Panorama displays only the interface elements pertinent to the plugins you install. The first implementation of this architecture enables VM-Series NSX Integration Configuration through Panorama. This architecture also enables support for the Cloud Services plugin, which is required for the Logging Service.
Extended Support for Multiple Panorama Interfaces: To support the demands for network segmentation and security in large-scale deployments, you can now separate the management functions from the device management and log collection functions on the Panorama M-Series appliances. The key improvements are:
- Forward logs from the managed firewalls to Panorama and the Log Collectors on multiple interfaces, instead of a single interface. This change reduces the traffic load on an interface and provides flexibility in logging to a common infrastructure across different subnets without requiring changes to the network configuration and access control lists in your infrastructure.
- Manage the configuration for firewalls and log collectors using multiple interfaces on Panorama. This capability simplifies the management of devices that belong to different subnets or are segmented for better security.
- Deploy software and content updates to managed firewalls and log collectors using an interface of your choice. You can continue to use the management port or select a different interface for deploying updates to managed firewalls and log collectors running PAN-OS 8.0. See Streamlined Deployment of Software and Content Updates from Panorama.
The ability to separate these functions across multiple interfaces reduces the traffic on the dedicated management (MGT) port. You can now lock down the management port for administrative access to Panorama (HTTPS and SSH) and the Log Collectors (SSH) only. By default, Collector Group communication is enabled on the management port, but you can assign a different port for this traffic.
Device Group, Template, and Template Stack Capacity Increase: Panorama now supports up to 1,024 device groups and 1,024 templates (previously 512 each), and 1,024 template stacks (previously 128). In large-scale deployments, these capacity improvements increase administrative ease in centrally managing from Panorama and reduce the configuration exceptions and overrides that you must manage locally on individual firewalls.
Streamlined Deployment of Software and Content Updates from Panorama: You can now deploy software and content updates to managed devices more quickly. Instead of pushing the updates to one device at a time, Panorama now notifies firewalls and Log Collectors when updates are available, and the devices then retrieve the updates in parallel. The Extended Support for Multiple Panorama Interfaces feature enables you to configure a separate interface, instead of using the management (MGT) interface, for deploying content and software updates to managed devices.
