: Use the Panorama Web Interface
Focus
Focus

Use the Panorama Web Interface

Table of Contents

Use the Panorama Web Interface

The web interface on both Panorama and the firewall has the same look and feel. However, the Panorama web interface includes additional options and a Panorama-specific tab for managing Panorama and for using Panorama to manage firewalls and Log Collectors.
The following common fields appear in the header or footer of several Panorama web interface pages.
Common Field
Description
Context
You can use the Context drop-down above the left-side menu to switch between the Panorama web interface and a firewall web interface (see Context Switch).
In the Dashboard and Monitor tabs, click refresh (
) in the tab header to manually refresh data in those tabs. You can also use the unlabeled drop-down on the right side of the tab header to select an automatic refresh interval in minutes (1 min, 2 mins, or 5 mins); to disable automatic refreshing, select Manual.
Access Domain
An access domain defines access to specific device groups, templates, and individual firewalls (through the Context drop-down). If you log in as an administrator with multiple access domains assigned to your account, the Dashboard, ACC, and Monitor tabs display information (such as log data) only for the Access Domain you select in the footer of the web interface.
If only one access domain is assigned to your account, the web interface does not display the Access Domain drop-down.
Device Group
A device group comprises firewalls and virtual systems that you manage as a group (see Panorama > Device Groups). The Dashboard, ACC, and Monitor tabs display information (such as log data) only for the Device Group you select in the tab header. In the Policies and Objects tabs, you can configure settings for a specific Device Group or for all device groups (select Shared).
Template
A template is a group of firewalls with common network and device settings, and a template stack is a combination of templates (see Panorama > Templates). In the Network and Device tabs, you configure settings for a specific Template or template stack. Because you can edit settings only within individual templates, the settings in these tabs are read-only if you select a template stack.
View by: Device
By default, the Network and Device tabs display the settings and values available to firewalls that are in normal operational mode and that support multiple virtual systems and VPNs. However, you can use the following options to filter the tabs to display only the mode-specific settings you want to edit:
  • In the Mode drop-down, select or clear the Multi VSYS, Operational Mode, and VPN Mode options.
  • Set all the mode options to reflect the mode configuration of a particular firewall by selecting it in the View by: Device drop-down.
Mode
The Panorama tab provides the following pages for managing Panorama and Log Collectors.
Panorama Pages
Description
Setup
Select PanoramaSetup for the following tasks:
  • Specify general settings (such as the Panorama hostname) and settings for authentication, logs, reports, AutoFocus™, banners, the message of the day, and password complexity. These settings are similar to those you configure for firewalls: select Device > Setup > Management.
  • Back up and restore configurations, reboot Panorama, and shut down Panorama. These operations are similar to those you perform for firewalls: select Device > Setup > Operations.
  • Define server connections for DNS, NTP, and Palo Alto Networks updates. These settings are similar to those you configure for firewalls: select Device > Setup > Services.
  • Define network settings for Panorama interfaces. Select Panorama > Setup > Interfaces.
  • Specify settings for the WildFire™ appliance. These settings are similar to those you configure for firewalls: elect Device > Setup > WildFire.
  • Manage hardware security module (HSM) settings. These settings are similar to those you configure for firewalls: select Device > Setup > HSM.
High Availability
Enables you to configure high availability (HA) for a pair of Panorama management servers. Select Panorama > High Availability.
Config Audit
Enables you to see the differences between configuration files. Select Device > Config Audit.
Password Profiles
Enables you to define password profiles for Panorama administrators. Select Device > Password Profiles.
Administrators
Enables you to configure Panorama administrator accounts. Select Panorama > Administrators.
If an administrator account is locked out, the Administrators page displays a lock in the Locked User column. You can click the lock to unlock the account.
Admin Roles
Enables you to define administrative roles, which control the privileges and responsibilities of administrators who access Panorama. Select Panorama > Admin Roles.
Access Domain
Enables you to control administrator access to device groups, templates, template stacks, and the web interface of firewalls. Select Panorama > Access Domains.
Authentication Profile
Enables you to specify a profile for authenticating access to Panorama. Select Device > Authentication Profile.
Authentication Sequence
Enables you to specify a series of authentication profiles to use for permitting access to Panorama. Select Device > Authentication Sequence.
User Identification
Enables you to configure a custom certificate profile for mutual authentication with User-ID agents. Select Device > User Identification > Connection Security.
Data Redistribution
Enables you to selectively redistribute data to other firewalls or Panorama management systems. Select Device > Data Redistribution.
Managed Devices
Enables you to manage firewalls, which includes adding firewalls to Panorama as managed devices, displaying firewall connection and license status, tagging firewalls, updating firewall software and content, and loading configuration backups. Select Panorama > Managed Devices > Summary.
Templates
Enables you to manage configuration options in the Device and Network tabs. Templates and template stacks enable you to reduce the administrative effort of deploying multiple firewalls with the same or similar configurations. Select Panorama > Templates.
Device Groups
Enables you to configure device groups, which group firewalls based on function, network segmentation, or geographic location. Device groups can include physical firewalls, virtual firewalls, and virtual systems.
Typically, firewalls in a device group need similar policy configurations. Using the Policies and Objects tab on Panorama, device groups provide a way to implement a layered approach for managing policies across a network of managed firewalls. You can nest device groups in a tree hierarchy of up to four levels. Descendant groups automatically inherit the policies and objects of ancestor groups and of the Shared location. Select Panorama > Device Groups.
Managed Collectors
Enables you to manage Log Collectors. Because you use Panorama to configure Log Collectors, they are also called managed collectors. A managed collector can be local to the Panorama management server (M-Series appliance or Panorama virtual appliance in Panorama mode) or a Dedicated Log Collector (M-Series appliance in Log Collector mode). Select Panorama > Managed Collectors.
Collector Groups
Enables you to manage Collector Groups. A Collector Group logically groups Log Collectors so you can apply the same configuration settings and assign firewalls to them. Panorama uniformly distributes the logs among all the disks in a Log Collector and across all members in the Collector Group. Select Panorama > Collector Groups.
Plugins
Enables you to manage plugins for third-party integration, such as VMware NSX. Select Panorama > VMware NSX.
VMware NSX
Enables you to automate provisioning of VM-Series firewalls by enabling communication between the NSX Manager and Panorama. Select Panorama > VMware NSX.
Certificate Management
Enables you to configure and manage certificates, certificate profiles, and keys. Select Manage Firewall and Panorama Certificates.
Log Settings
Enables you to forward logs to Simple Network Management Protocol (SNMP) trap receivers, syslog servers, email servers, and HTTP servers. Select Device > Log Settings.
Server Profiles
Enables you to configure profiles for the different server types that provide services to Panorama. Select any of the following to configure a specific server type:
Scheduled Config Export
Enables you to export Panorama and firewall configurations to an FTP server or Secure Copy (SCP) server on a daily basis. Select Panorama > Scheduled Config Export.
Software
Enables you to update Panorama software. Select Panorama > Software.
Dynamic Updates
Enables you to view the latest application definitions and information for new security threats, such as Antivirus signatures (threat prevention license required) and then update Panorama with the new definitions. Select Device > Dynamic Updates.
Support
Enables you to access product and security alerts from Palo Alto Networks. Select Device > Support.
Device Deployment
Enables you to deploy software and content updates to firewalls and Log Collectors. Select Panorama > Device Deployment.
Master Key and Diagnostics
Enables you to specify a master key to encrypt private keys on Panorama. By default, Panorama stores private keys in encrypted form even if you don’t specify a new master key. Select Device > Master Key and Diagnostics.