Managed Firewall Information
Select Panorama > Managed Devices > Summary to display the following information for each managed firewall.
Managed Firewall Information | Description |
---|---|
Device Group | Displays the name of the device group in which the firewall is a member. By default, this column is hidden, though you can display it by selecting the drop-down in any column header and selecting Columns > Device Group. The page displays firewalls in clusters according to their device group. Each cluster has a header row that displays the device group name, the total number of assigned firewalls, the number of connected firewalls, and the device group path in the hierarchy. For example, Data center (2/4 Devices Connected): Shared > Europe > Data center would indicate that a device group named Data center has four member firewalls (two of which are connected) and is a child of a device group named Europe. You can collapse or expand any device group to hide or display its firewalls. |
Device Name | Displays the hostname or serial number of the firewall. For the VM-Series NSX edition firewall, the firewall name appends the hostname of the ESXi host. For example, PA-VM: Host-NY5105. |
Virtual System | Lists the virtual systems available on a firewall that is in Multiple Virtual Systems mode. |
Model | Displays the firewall model. |
Tags | Displays the tags defined for each firewall/virtual system. |
Serial Number | Displays the serial number of the firewall. |
Operational Mode | Displays the operational mode of the firewall. Can be FIPS-CC or Normal. |
IP Address | Displays the IP address of the firewall/virtual system. |
| IPv4—IPv4 address of the firewall/virtual system. |
| IPv6—IPv6 address of the firewall/virtual system. |
Variables | Create device-specific variable definitions by copying them from a device in the template stack, or Edit existing variable definitions to create unique variables for the device. This column will be empty if the device is not associated with a template stack. By default, variables are inherited from the template stack. See Create or Edit Variable Definition on a Device. |
Template | Displays the template stack to which the firewall is assigned. |
Status | Device State—Indicates the state of the connection between Panorama and the firewall: Connected or Disconnected. A VM-Series firewall can have two additional states: |
| HA Status—Indicates whether the firewall is: |
| Shared Policy—Indicates whether the policy and object configurations on the firewall are synchronized with Panorama. |
| Template—Indicates whether the network and device configurations on the firewall are synchronized with Panorama. |
| Certificate—Indicates the managed device's client certificate status. |
| Last Commit State—Indicates whether the last commit failed or succeeded on the firewall. |
Software Version, Apps and Threat, Antivirus, URL Filtering, GlobalProtect™ Client, WildFire | Displays the software and content versions that are currently installed on the firewall. For details, see Firewall Software and Content Updates. |
Backups | On each firewall commit, PAN-OS automatically sends a firewall configuration backup to Panorama. Click Manage to view the available configuration backups and optionally load one. For details, see Firewall Backups. |
Last Master Key Push | Displays the status of the master key deployment from Panorama to the firewall. |
| Status—Displays the latest master key push status. Can be Success or Failed. Unknown is displayed if a master key has not been pushed to the firewall from Panorama. |
| Timestamp—Displays the date and time of the latest master key push from Panorama. |
Containers—If you deployed the CN-Series firewall to secure your containerized application workloads on Kubernetes clusters, use the following columns. | |
Container Number of Nodes | Displays the number of containerized firewall data plane (CN-NGFW) pods that are connected to the management plane (CN-Mgmt) registered to Panorama. The value can be 0–30 CN-NGFW pods for each pair of CN-Mgmt pods. |
Container Notes | Future use |
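
An added example, not taken from the Palo Alto Networks documentation: a fleet audit that flags the conditions the table above lets you see per firewall (connection state, last commit, master key push, operational mode). The CSV layout, column headers, device names, serial numbers and commit-state strings are constructed for illustration; only the Device State, Operational Mode and master key push values come from the table.

```python
import csv
import io

# Constructed sample data. Column names follow the fields described in the
# table above; the CSV layout itself is an assumption, not a Panorama format.
SAMPLE_SUMMARY = """\
Device Name,Serial Number,Operational Mode,Device State,Last Commit State,Last Master Key Push
fw-edge-01,000000000001,Normal,Connected,commit succeeded,Success
fw-edge-02,000000000002,Normal,Disconnected,commit succeeded,Success
fw-dc-01,000000000003,FIPS-CC,Connected,commit failed,Failed
fw-dc-02,000000000004,Normal,Connected,commit succeeded,Unknown
"""


def audit_row(row):
    """Return the list of findings for one managed firewall."""
    findings = []
    if row["Device State"].strip() != "Connected":
        findings.append("not connected to Panorama")
    # The commit-state wording is assumed, so match on the word "fail".
    if "fail" in row["Last Commit State"].lower():
        findings.append("last commit failed")
    key_push = row["Last Master Key Push"].strip()
    if key_push == "Failed":
        findings.append("master key push failed")
    elif key_push == "Unknown":
        # Per the table: Unknown means no master key was pushed from Panorama.
        findings.append("no master key pushed from Panorama")
    return findings


def audit_summary(csv_text):
    """Map device name -> findings, plus a fleet-wide operational mode check."""
    rows = list(csv.DictReader(io.StringIO(csv_text)))
    report = {r["Device Name"]: audit_row(r) for r in rows}
    report = {name: found for name, found in report.items() if found}
    modes = {r["Operational Mode"].strip() for r in rows}
    if len(modes) > 1:
        # Mixed FIPS-CC and Normal devices are reported for review.
        report["(fleet)"] = ["mixed operational modes: " + ", ".join(sorted(modes))]
    return report


if __name__ == "__main__":
    for device, findings in audit_summary(SAMPLE_SUMMARY).items():
        print(f"{device}: {'; '.join(findings)}")
```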
Create Device Variable Definition
When a device is added to a template stack, the user has the option of creating device-specific variables by copying existing overridden variables from a device in the same template stack, or of overriding the template or template stack variables individually for the device.
When a device is first added to a template stack, you have the option to create device-specific variable definitions copied from devices in the template stack, or you can edit the template variable definitions through Panorama > Managed Devices > Summary. By default, all variable definitions are inherited from the template stack, and you can only override, not delete, the variable definitions for an individual device. You can use variables to replace IP address objects and IP address literals (IP Netmask, IP Range, FQDN) in all areas of the configuration, interfaces in the IKE Gateway configuration (Interface), and the HA configuration (Group ID).
Create Device Variable Definition Information | Description |
---|---|
Clone device variable definition from another device in the template stack? | |
No | View the existing variable definitions and edit as needed. See Panorama > Templates > Template Variables. |
Yes | Select a device in the drop-down from which to clone variable definitions and then select the specific variable definitions you want to clone. |