Device Management Flexibility.

Our firewall management philosophy is to make administrative tasks, such as report generation, log queries, policy creation and ACC browsing, easy to execute and consistent, no matter which mechanism — Web interface, Panorama, CLI or API — you use.

Intuitive and efficient policy management workflow.

The familiar look and feel of our policy editor, combined with drag-and-drop objects and rule tagging, will allow you to establish a policy management workflow that suits your administrative processes.

  • The policy browser allows you to quickly create policies that include application, user and traffic specific-threat prevention (IPS, antivirus, anti-spyware, etc.), eliminating the duplicate data entry common in other offerings.

  • Object drag-and-drop reduces administrative effort by allowing you to reuse the policy objects (users, applications, services or IP addresses) you have already created.

  • Rule tagging allows you to “tag” rules with common names (DMZ, perimeter, datacenter) so you can easily search and manage those rules as needed.

Granular control over administrative access.

If you have delegated specific sets of tasks to individual staff members, our role-based administration will allow you to designate any of the firewall's features and corresponding capabilities to be fully enabled, read-only or disabled (hidden from view) for specific administrators. For example:

  • Your operations staff can be given access to the firewall and networking configuration.
  • Your security administrators can be granted control over security policy definition, the log viewer and reporting.
  • You can allow key individuals full CLI access, while for others the CLI may be disabled.

All administrative activities are logged so you can see the time of occurrence, the administrator, the management interface used (web interface, CLI, Panorama and the API), and the command or action taken along with the result.

Centralized management of your Palo Alto Networks firewalls.

Panorama provides centralized management for multiple Palo Alto Networks next-generation firewalls, enabling you to:

  • Browse ACC, view logs, and generate reports across all your firewalls from a central location.
  • Use device group and templates to centrally manage your firewall configurations, regardless of location.
  • Manage device licenses and updates for software, content, and clients (SSL VPN, GlobalProtect).

By using the same user interface as our individual firewalls, Panorama eliminates the learning curve associated with switching from one mechanism to another. Regardless of the task at hand, the steps you may need to take will be the same.


Learn more about Panorama Technology.

Industry standard management tools and APIs.

A rich set of industry standard management interfaces, combined with a helpful set of APIs, allows you to integrate with existing third-party solutions for superior policy/configuration management, log analysis, reporting and more.

  • APIs: A REST management API and a User-ID XML API give you a powerful set of tools to streamline operations and integrate with existing, internally developed applications and repositories.

  • Syslog and SNMP v2/3: All logs can be sent to your syslog server for archival and analysis purposes, while SNMP v2/3 support enables integration with a wide range of third-party tools.

  • Netflow: Export your IP traffic flow information to a Netflow connector. Separate template records are defined for IPv4, IPv4 with NAT, and IPv6 traffic, while PAN-OS specific fields for App-ID and User-ID can be optionally exported. Netflow integration is not supported on the PA-4000 Series or the PA-7050.

In addition to our management interfaces and APIs, the Palo Alto Networks Technology Partner Program makes information available to you on many leading management, reporting and analysis vendors.