: Data Redistribution Using Panorama
Focus
Focus

Data Redistribution Using Panorama

Table of Contents
End-of-Life (EoL)

Data Redistribution Using Panorama

With data redistribution, you only have to configure each source once, then you can redistribute multiple data types to as many clients as needed. This helps you to scale your network so that you can easily add or remove source and clients as your network needs change.
Data redistribution also provides granularity by redistributing only the types of information to only the firewalls or Panorama management systems that you specify. You can use subnets, ranges, and regions to further reduce network traffic and maximize device capacity.
One of the key benefits of the Palo Alto Networks firewall is that it can enforce policies and generate reports based on usernames and tags instead of IP addresses. The challenge for large-scale networks is ensuring every firewall that enforces policies and generates reports has the mappings and tags that apply for all of your policy rules. Additionally, every firewall that enforces Authentication Policy requires a complete, identical set of authentication timestamps for your user base. Whenever users authenticate to access services and applications, individual firewalls record the associated timestamps but don’t automatically share them with other firewalls to ensure consistency. Data redistribution solves these challenges for large-scale networks by enabling you to redistribute the necessary data. However, instead of setting up extra connections to redistribute the data between firewalls, you can leverage your Panorama infrastructure to Redistribute Data to Managed Firewalls. The infrastructure has existing connections that enable you to redistribute data in layers, from firewalls to Panorama. Panorama can then redistribute the information to the firewalls that enforce policies and generate reports.
Each firewall or Panorama management server can receive data from up to 100 redistribution points. The redistribution points can be other firewalls or Panorama management servers. However, you can also use Windows-based User-ID agents to perform the mapping and redistribute the information to firewalls. Only the firewalls record authentication timestamps when user traffic matches Authentication policy rules.