Device Management Flexibility.

Our firewall management philosophy is to make administrative tasks, such as report generation, log queries, policy creation and ACC browsing, easy to execute and consistent, no matter which mechanism — Web interface, Panorama, CLI or API — you use.

Intuitive and efficient policy management workflow.

The familiar look and feel of our policy editor, combined with drag-and-drop objects and rule tagging, will allow you to establish a policy management workflow that suits your administrative processes.

  • The policy browser allows you to quickly create policies that include application, user and traffic specific-threat prevention (IPS, antivirus, anti-spyware, etc.), eliminating the duplicate data entry common in other offerings.

  • Object drag-and-drop reduces administrative effort by allowing you to reuse the policy objects (users, applications, services or IP addresses) you have already created.

  • Rule tagging allows you to “tag” rules with common names (DMZ, perimeter, datacenter) so you can easily search and manage those rules as needed.

Granular control over administrative access.

If you have delegated specific sets of tasks to individual staff members, our role-based administration will allow you to designate any of the firewall's features and corresponding capabilities to be fully enabled, read-only or disabled (hidden from view) for specific administrators. For example:

  • Your operations staff can be given access to the firewall and networking configuration.
  • Your security administrators can be granted control over security policy definition, the log viewer and reporting.
  • You can allow key individuals full CLI access, while for others the CLI may be disabled.

All administrative activities are logged so you can see the time of occurrence, the administrator, the management interface used (web interface, CLI, Panorama and the API), and the command or action taken along with the result.

Centralized management of your Palo Alto Networks firewalls.

The centralized features in Panorama™ network security management will minimize the administrative efforts and operational costs associated with your deployment of our next-generation firewalls in multiple locations — whether internal or global. Panorama empowers you with consolidated, simplified policy creation and management, solving the complexity of security deployments with leading functionality, efficient rule bases, and unparalleled threat visibility.


Learn more about Panorama Technology.

Industry standard management tools and APIs.

A rich set of industry standard management interfaces, combined with a helpful set of APIs, allows you to integrate with existing third-party solutions for superior policy/configuration management, log analysis, reporting and more.

  • APIs: A REST management API and a User-ID XML API give you a powerful set of tools to streamline operations and integrate with existing, internally developed applications and repositories.

  • Syslog and SNMP v2/3: All logs can be sent to your syslog server for archival and analysis purposes, while SNMP v2/3 support enables integration with a wide range of third-party tools.

  • Netflow: Export your IP traffic flow information to a Netflow connector. Separate template records are defined for IPv4, IPv4 with NAT, and IPv6 traffic, while PAN-OS specific fields for App-ID and User-ID can be optionally exported. Netflow integration is not supported on the PA-4000 Series or the PA-7050.

In addition to our management interfaces and APIs, the Palo Alto Networks Technology Partner Program makes information available to you on many leading management, reporting and analysis vendors.