Use the Panorama Web Interface
Table of Contents
Expand all | Collapse all
-
- Firewall Overview
- Features and Benefits
- Last Login Time and Failed Login Attempts
- Message of the Day
- Task Manager
- Language
- Alarms
- Commit Changes
- Save Candidate Configurations
- Revert Changes
- Lock Configurations
- Global Find
- Threat Details
- AutoFocus Intelligence Summary
- Configuration Table Export
- Change Boot Mode
-
- Objects > Addresses
- Objects > Address Groups
- Objects > Regions
- Objects > Dynamic User Groups
- Objects > Application Groups
- Objects > Application Filters
- Objects > Services
- Objects > Service Groups
- Objects > Devices
- Objects > External Dynamic Lists
- Objects > Custom Objects > Spyware/Vulnerability
- Objects > Custom Objects > URL Category
- Objects > Security Profiles > Antivirus
- Objects > Security Profiles > Anti-Spyware Profile
- Objects > Security Profiles > Vulnerability Protection
- Objects > Security Profiles > File Blocking
- Objects > Security Profiles > WildFire Analysis
- Objects > Security Profiles > Data Filtering
- Objects > Security Profiles > DoS Protection
- Objects > Security Profiles > Mobile Network Protection
- Objects > Security Profiles > SCTP Protection
- Objects > Security Profile Groups
- Objects > Log Forwarding
- Objects > Authentication
- Objects > Packet Broker Profile
- Objects > Schedules
-
-
- Firewall Interfaces Overview
- Common Building Blocks for Firewall Interfaces
- Common Building Blocks for PA-7000 Series Firewall Interfaces
- Tap Interface
- HA Interface
- Virtual Wire Interface
- Virtual Wire Subinterface
- PA-7000 Series Layer 2 Interface
- PA-7000 Series Layer 2 Subinterface
- PA-7000 Series Layer 3 Interface
- Layer 3 Interface
- Layer 3 Subinterface
- Log Card Interface
- Log Card Subinterface
- Decrypt Mirror Interface
- Aggregate Ethernet (AE) Interface Group
- Aggregate Ethernet (AE) Interface
- Network > Interfaces > VLAN
- Network > Interfaces > Loopback
- Network > Interfaces > Tunnel
- Network > Interfaces > SD-WAN
- Network > Interfaces > PoE
- Network > Interfaces > Cellular
- Network > Interfaces > Fail Open
- Network > VLANs
- Network > Virtual Wires
-
- Network > Routing > Logical Routers > General
- Network > Routing > Logical Routers > Static
- Network > Routing > Logical Routers > OSPF
- Network > Routing > Logical Routers > OSPFv3
- Network > Routing > Logical Routers > RIPv2
- Network > Routing > Logical Routers > BGP
- Network > Routing > Logical Routers > Multicast
-
- Network > Routing > Routing Profiles > BGP
- Network > Routing > Routing Profiles > BFD
- Network > Routing > Routing Profiles > OSPF
- Network > Routing > Routing Profiles > OSPFv3
- Network > Routing > Routing Profiles > RIPv2
- Network > Routing > Routing Profiles > Filters
- Network > Routing > Routing Profiles > Multicast
- Network > Proxy
-
- Network > Network Profiles > GlobalProtect IPSec Crypto
- Network > Network Profiles > IPSec Crypto
- Network > Network Profiles > IKE Crypto
- Network > Network Profiles > Monitor
- Network > Network Profiles > Interface Mgmt
- Network > Network Profiles > QoS
- Network > Network Profiles > LLDP Profile
- Network > Network Profiles > SD-WAN Interface Profile
- Network > Network Profiles > MACsec Profile
-
-
- Device > Setup
- Device > Setup > Management
- Device > Setup > Interfaces
- Device > Setup > Telemetry
- Device > Setup > Content-ID
- Device > Setup > WildFire
- Device > Setup > ACE
- Device > Setup > DLP
- Device > Log Forwarding Card
- Device > Config Audit
- Device > Administrators
- Device > Admin Roles
- Device > Access Domain
- Device > Authentication Sequence
- Device > IoT Security > DHCP Server Log Ingestion
- Device > Device Quarantine
-
- Security Policy Match
- QoS Policy Match
- Authentication Policy Match
- Decryption/SSL Policy Match
- NAT Policy Match
- Policy Based Forwarding Policy Match
- DoS Policy Match
- Routing
- Test Wildfire
- Threat Vault
- Ping
- Trace Route
- Log Collector Connectivity
- External Dynamic List
- Update Server
- Test Cloud Logging Service Status
- Test Cloud GP Service Status
- Device > Virtual Systems
- Device > Shared Gateways
- Device > Certificate Management
- Device > Certificate Management > Certificate Profile
- Device > Certificate Management > OCSP Responder
- Device > Certificate Management > SSL/TLS Service Profile
- Device > Certificate Management > SCEP
- Device > Certificate Management > SSL Decryption Exclusion
- Device > Certificate Management > SSH Service Profile
- Device > Response Pages
- Device > Server Profiles
- Device > Server Profiles > SNMP Trap
- Device > Server Profiles > Syslog
- Device > Server Profiles > Email
- Device > Server Profiles > HTTP
- Device > Server Profiles > NetFlow
- Device > Server Profiles > RADIUS
- Device > Server Profiles > SCP
- Device > Server Profiles > TACACS+
- Device > Server Profiles > LDAP
- Device > Server Profiles > Kerberos
- Device > Server Profiles > SAML Identity Provider
- Device > Server Profiles > DNS
- Device > Server Profiles > Multi Factor Authentication
- Device > Local User Database > Users
- Device > Local User Database > User Groups
- Device > Scheduled Log Export
- Device > Software
- Device > Dynamic Updates
- Device > Licenses
- Device > Support
- Device > Policy Recommendation > IoT
- Device > Policy > Recommendation SaaS
- Device > Policy Recommendation > IoT or SaaS > Import Policy Rule
-
- Device > User Identification > Connection Security
- Device > User Identification > Terminal Server Agents
- Device > User Identification > Group Mapping Settings
- Device > User Identification> Trusted Source Address
- Device > User Identification > Authentication Portal Settings
- Device > User Identification > Cloud Identity Engine
-
- Network > GlobalProtect > MDM
- Network > GlobalProtect > Clientless Apps
- Network > GlobalProtect > Clientless App Groups
- Objects > GlobalProtect > HIP Profiles
-
- Use the Panorama Web Interface
- Context Switch
- Panorama Commit Operations
- Defining Policies on Panorama
- Log Storage Partitions for a Panorama Virtual Appliance in Legacy Mode
- Panorama > Setup > Interfaces
- Panorama > High Availability
- Panorama > Firewall Clusters
- Panorama > Administrators
- Panorama > Admin Roles
- Panorama > Access Domains
- Panorama > Device Groups
- Panorama > Plugins
- Panorama > Log Ingestion Profile
- Panorama > Log Settings
- Panorama > Server Profiles > SCP
- Panorama > Scheduled Config Export
- Panorama > Device Registration Auth Key
Use the Panorama Web Interface
The web interface on both Panorama and the firewall
has the same look and feel. However, the Panorama web interface
includes additional options and a Panorama-specific tab for managing
Panorama and for using Panorama to manage firewalls and Log Collectors.
The following common fields appear in the header or footer of
several Panorama web interface pages.
Common Field | Description |
---|---|
Context | You can use the Context drop-down above
the left-side menu to switch between the Panorama web interface and
a firewall web interface (see Context
Switch). |
In the Dashboard and Monitor tabs,
click refresh ( | |
Access Domain | An access domain defines access to specific
device groups, templates, and individual firewalls (through the Context drop-down).
If you log in as an administrator with multiple access domains assigned
to your account, the Dashboard, ACC, and Monitor tabs
display information (such as log data) only for the Access
Domain you select in the footer of the web interface. If
only one access domain is assigned to your account, the web interface
does not display the Access Domain drop-down. |
Device Group | A device group comprises firewalls and virtual
systems that you manage as a group (see Panorama
> Device Groups). The Dashboard, ACC, and Monitor tabs
display information (such as log data) only for the Device
Group you select in the tab header. In the Policies and Objects tabs,
you can configure settings for a specific Device Group or
for all device groups (select Shared). |
Template | A template is a group of firewalls with
common network and device settings, and a template stack is a combination
of templates (see Panorama
> Templates). In the Network and Device tabs,
you configure settings for a specific Template or
template stack. Because you can edit settings only within individual
templates, the settings in these tabs are read-only if you select
a template stack. |
View by: Device | By default, the Network and Device tabs
display the settings and values available to firewalls that are
in normal operational mode and that support multiple virtual systems
and VPNs. However, you can use the following options to filter the
tabs to display only the mode-specific settings you want to edit:
|
Mode |
The Panorama tab provides the following
pages for managing Panorama and Log Collectors.
Panorama Pages | Description |
---|---|
Setup | Select PanoramaSetup for the following tasks:
|
High Availability | Enables you to configure high availability
(HA) for a pair of Panorama management servers. Select Panorama
> High Availability. |
Config Audit | Enables you to see the differences between
configuration files. Select Device
> Config Audit. |
Password Profiles | Enables you to define password profiles
for Panorama administrators. Select Device
> Password Profiles. |
Administrators | Enables you to configure Panorama administrator
accounts. Select Panorama
> Administrators. If an administrator
account is locked out, the Administrators page
displays a lock in the Locked User column. You can click the lock
to unlock the account. |
Admin Roles | Enables you to define administrative roles,
which control the privileges and responsibilities of administrators
who access Panorama. Select Panorama
> Admin Roles. |
Access Domain | Enables you to control administrator access
to device groups, templates, template stacks, and the web interface
of firewalls. Select Panorama
> Access Domains. |
Authentication Profile | Enables you to specify a profile for authenticating
access to Panorama. Select Device
> Authentication Profile. |
Authentication Sequence | Enables you to specify a series of authentication
profiles to use for permitting access to Panorama. Select Device
> Authentication Sequence. |
User Identification | Enables you to configure a custom certificate
profile for mutual authentication with User-ID agents. Select Device > User Identification
> Connection Security. |
Data Redistribution | Enables you to selectively redistribute
data to other firewalls or Panorama management systems. Select Device > Data Redistribution. |
Managed Devices | Enables you to manage firewalls, which includes
adding firewalls to Panorama as managed devices, displaying
firewall connection and license status, tagging firewalls, updating
firewall software and content, and loading configuration backups.
Select Panorama
> Managed Devices > Summary. |
Templates | Enables you to manage configuration options
in the Device and Network tabs.
Templates and template stacks enable you to reduce the administrative
effort of deploying multiple firewalls with the same or similar configurations.
Select Panorama
> Templates. |
Device Groups | Enables you to configure device groups,
which group firewalls based on function, network segmentation, or
geographic location. Device groups can include physical firewalls,
virtual firewalls, and virtual systems. Typically, firewalls
in a device group need similar policy configurations. Using the Policies and Objects tab
on Panorama, device groups provide a way to implement a layered
approach for managing policies across a network of managed firewalls.
You can nest device groups in a tree hierarchy of up to four levels.
Descendant groups automatically inherit the policies and objects
of ancestor groups and of the Shared location. Select Panorama
> Device Groups. |
Managed Collectors | Enables you to manage Log Collectors. Because
you use Panorama to configure Log Collectors, they are also called managed collectors.
A managed collector can be local to the Panorama management server
(M-Series appliance or Panorama virtual appliance in Panorama mode)
or a Dedicated Log Collector (M-Series appliance in Log Collector
mode). Select Panorama
> Managed Collectors. You can also install Software
Updates for Dedicated Log Collectors. |
Collector Groups | Enables you to manage Collector Groups.
A Collector Group logically groups Log Collectors so you can apply
the same configuration settings and assign firewalls to them. Panorama
uniformly distributes the logs among all the disks in a Log Collector
and across all members in the Collector Group. Select Panorama
> Collector Groups. |
Plugins | Enables you to manage plugins for third-party
integration, such as VMware NSX. Select Panorama
> VMware NSX. |
VMware NSX | Enables you to automate provisioning of
VM-Series firewalls by enabling communication between the NSX Manager
and Panorama. Select Panorama
> VMware NSX. |
Certificate Management | Enables you to configure and manage certificates,
certificate profiles, and keys. Select Manage
Firewall and Panorama Certificates. |
Log Settings | Enables you to forward logs to Simple Network
Management Protocol (SNMP) trap receivers, syslog servers, email
servers, and HTTP servers. Select Device
> Log Settings. |
Server Profiles | Enables you to configure profiles for the
different server types that provide services to Panorama. Select
any of the following to configure a specific server type: |
Scheduled Config Export | Enables you to export Panorama and firewall
configurations to an FTP server or Secure Copy (SCP) server on a
daily basis. Select Panorama
> Scheduled Config Export. |
Software | Enables you to update Panorama software.
Select Panorama
> Software. |
Dynamic Updates | Enables you to view the latest application
definitions and information for new security threats, such as Antivirus
signatures (threat prevention license required) and then update
Panorama with the new definitions. Select Device
> Dynamic Updates. |
Support | Enables you to access product and security
alerts from Palo Alto Networks. Select Device
> Support. |
Device Deployment | Enables you to deploy software and content
updates to firewalls and Log Collectors. Select Panorama
> Device Deployment. |
Master Key and Diagnostics | Enables you to specify a master key to encrypt
private keys on Panorama. By default, Panorama stores private keys
in encrypted form even if you don’t specify a new master key. Select Device
> Master Key and Diagnostics. |