Palo Alto Networks M-700 Management Appliance
8 TB RAID Certified HDD

Simplified, Powerful Policy

Panorama is a security management solution that provides consistent rules in an ever-changing network and threat landscape. Manage your network security with a single security rule base for firewalls, threat prevention, URL filtering, application awareness, user identification, sandboxing, file blocking, access control, and data filtering. This crucial simplification, along with App-ID™ technology-based rules, dynamic security updates, and rule usage analysis, reduces administrative workload and improves your overall security posture.

Consistent Management

Panorama keeps enterprise users in mind. You can control your internet edge as well as your private and public cloud deployments all from a single console. Panorama gives you consistent visibility and management of north-south and east-west traffic, whether it’s hosted on-premises or in the cloud. It centrally manages devices and security configuration for all groups of firewalls across form factors (physical, virtual, cloud-delivered, and containerized). Panorama can be deployed via virtual appliances, our purpose-built appliances, or a combination of the two.

Centralized Visibility and Automation

Automated threat correlation, with a predefined set of correlation objects, cuts through the clutter of monstrous amounts of data. It identifies compromised hosts and correlates malicious behavior that would otherwise be lost in the noise. This reduces the dwell time of critical threats in your network. The clean, fully customizable Application Command Center (ACC) provides comprehensive insight into your current as well as historical network and threat data.

Unmatched Scale

Use a single highly available pair of Panorama appliances to manage up to 5,000 Next-Generation Firewalls, or use the Panorama Interconnect plugin to centralize configuration management and access control for tens of thousands of devices.

Comprehensive Visibility and Management

The ACC provides you an interactive, graphical view of applications, URLs, threats, data files, and patterns traversing your Palo Alto Networks firewalls. The ACC includes a tabbed view of network activity, threat activity, and blocked activity, and each tab includes pertinent widgets for better visualization of traffic patterns on your network. You can create custom tabs with widgets that enable you to drill down into the information most important to the administrator. The ACC provides a comprehensive, fully customizable view of current and historical data.

Additional data on URL categories and threats provides a complete, well-rounded picture of network activity. The visibility from the ACC helps you make informed policy decisions and respond quickly to potential security threats.

Deployment Flexibility

You can deploy Panorama either as a hardware or virtual appliance.

Hardware Appliances

Panorama can be deployed as the M-200, M-300, M-600, or M-700 management appliance.

Virtual Appliances

Panorama can be deployed as a virtual appliance on VMware ESXi™, KVM, Nutanix, OCI and Microsoft Hyper-V®. In public cloud environments, including Google Cloud Platform (GCP®), Amazon Web Services (AWS®), AWS GovCloud, Alibaba Cloud, Microsoft Azure®, and Azure GovCloud.

Deployment Modes

You can separate management and logging functions of Panorama using deployment modes. The three supported deployment modes are:

1. Management Only: Panorama manages configurations for the managed devices but does not collect or manage logs.
2. Panorama: Panorama controls both policy and log management functions for all managed devices.
3. Log Collector: Panorama collects and manages logs from managed devices. This assumes another deployment of Panorama is operating in Management Only mode.

Reduced Response Times

The automated correlation engine built into the Next-Generation Firewall surfaces critical threats that may be hidden in your network. It includes correlation objects that identify suspicious traffic patterns or sequences of events that indicate malicious outcomes. Some correlation objects can identify dynamic patterns previously observed from malware samples in WildFire® malware prevention service.

Simple Policy Control

Safely enabling applications means allowing access to specific applications and protecting them with specific policies for Threat Prevention and access control as well as file, data, and URL filtering. You can transform your bulky legacy rule base into an intuitive policy that strengthens security and takes much less time to manage. Panorama empowers you to set policy with a single security rule base and simplifies the process of importing, duplicating, or modifying rules across your network. The combination of global and regional administrative control over policies and objects lets you strike a balance between consistent security at the global level and flexibility at the regional level.

Easy-to-Use, Centralized Management

Deploying hierarchical device groups ensures lower-level groups inherit the settings of higher-level groups. This streamlines central management and enables you to organize devices based on function and location without redundant configuration. Template stacking allows for streamlined configuration of networks and devices. Furthermore, a common user interface for Next-Generation Firewalls makes management intuitive. Features like Global Find, audit comments, universal unique identifier (UUID) for all rules, and tag-based rule grouping empower your IT administrators to take advantage of all the information in your network with ease.

Enhanced Visibility and Troubleshooting for Mobile Workers

GlobalProtect™ network security for endpoints extends Next-Generation Firewall capabilities to mobile workers. By leveraging Panorama, you can get greater visibility into user connection failures at all stages, use authentication logs to help you troubleshoot issues with user accounts, and enforce access control based on specific data in GlobalProtect logs.

Traffic Monitoring: Analysis, Reporting, and Forensics

Panorama pulls and stores logs from physical and virtualized firewalls, Cortex® Data Lake, and Cortex XDR® agents. As you perform log queries and generate reports, Panorama dynamically pulls relevant logs from its storage and presents the results to the user:

• Log viewer: For individual devices, all devices, or Cortex XDR agents, you can quickly view log activities with dynamic log filtering by clicking on a cell value and/or using the expression builder to define sort criteria. You can also save results for future queries or export them for further analysis.
• Custom reporting: Predefined reports can be used as is, customized, or grouped together as one report to suit specific requirements.
• User activity reports: These reports show the applications used, URL categories visited, websites visited, and all URLs visited over a specified period for individual users. Panorama builds these reports using an aggregate view of user activity, no matter the user’s device or IP, and no matter which firewall is protecting a given user.
• SaaS reports: A software-as-a-service (SaaS) usage and threat report provides detailed visibility into all SaaS activity on the firewalls as well as related threats.
• Log forwarding: Panorama can forward logs from Cortex XDR agents and your Palo Alto Networks Firewalls for storage, forensics, reporting, etc. It can forward all or selected logs, SNMP traps, and email notifications to a remote destination over UDP, TCP, or SSL. Panorama can also send logs to third-party providers of HTTP-based APIs, such as ticketing services or systems management products.

Panorama Management Architecture

Panorama enables you to manage your Palo Alto Networks Firewalls using a model that provides both global oversight and regional control. Panorama provides multiple tools for global or centralized administration.

Templates/Template Stacks

Panorama manages common device and network configuration through templates, which can be used to manage configuration centrally and push changes to managed firewalls. This approach avoids the need to make the same individual firewall changes repeatedly across many devices. To make things even easier, templates can be stacked and used like building blocks during device and network configuration.

Hierarchical Device Groups

Panorama manages common policies and objects through hierarchical device groups. Multilevel device groups are used to centrally manage the policies across all deployment locations with common requirements. Device group hierarchy may be created geographically (e.g., Europe, North America, and Asia); functionally (e.g., data center, main campus, and branch offices); as a mix of both; or based on other criteria. This allows for common policy sharing across different virtual systems on a device. You can use shared policies for global control while still allowing your regional firewall administrators autonomy to make specific adjustments for their requirements. At the device group level, you can create shared policies that are defined as the first set of rules and the last set of rules—the pre-rules and post-rules, respectively—to be evaluated against match criteria. Pre- and post-rules can be viewed on a managed firewall, but they can only be edited from Panorama within the context of the administrative roles that have been defined. The device rules, that is, those between pre- and post-rules, can be edited by either your regional firewall administrator or a Panorama administrator who has switched to a firewall device context. In addition, an organization can use shared objects defined by a Panorama administrator, which can be referenced by regionally managed device rules.

Role-Based Administration

Role-based administration is used to delegate feature-level administrative access, including the availability of data—enabled, read-only, or disabled and hidden from view—to different members of your staff. You can give specific individuals appropriate access to the tasks pertinent to their job while making other access either hidden or read-only. Administrators can commit or revert changes they make in a Panorama configuration independently of changes made by other administrators.

Software, License Update, and Content Management

As your deployment grows, you may want to make sure updates are sent to downstream boxes in an organized manner. For instance, security teams may prefer to centrally qualify a software update before it is delivered via Panorama to all production firewalls at once. Panorama lets you centrally manage the update process for software updates, licenses, and content—including application updates, antivirus signatures, threat signatures, URL Filtering database entries, etc. Using templates, device groups, role-based administration, and update management, you can delegate appropriate access to all management functions, visualization tools, policy creation, reporting, and logging at global as well as regional levels.

Deployment Scale

The Panorama Interconnect plugin connects multiple Panorama instances to scale firewall management to tens of thousands of firewalls. By leveraging the plugin, the Panorama Controller allows you to synchronize the configuration, quickly onboard firewalls, and schedule content updates from a central location (see figure 6), in turn simplifying management of all your firewalls regardless of their location— on-premises or in the cloud. Note: Panorama Interconnect is supported only on M-600 and M-700 appliances or similarly resourced VMs.