This discussion has been locked. The information referenced herein may be inaccurate due to age, software updates, or external references.
You can no longer post new replies to this discussion. If you have a similar question you can start a new discussion in this forum.

Palo Alto Panorama support

Hello,

We are looking to add a Palo Alto Panorma device to our NPM so we don't need to add all of the 30+ PA's to NPM. Does anyone have experience with Panorama in NPM? We don't have the gear yet to test to test ourselves. We are looking to see if the NPM can alert us on Up/down, interface alerts and the like. Any help is appreciated.

Thanks,

Danny

  • I have panorama.     From an NPM perspective, adding Panorama is NOT going to monitor all your firewalls.    All I get are the interfaces from the Panorama in my interfaces tab.    I am monitoring all 18 of my PAN firewalls separately,

    again from an NPM perspective.

    NCM on the other hand is more subjective.    I have two PAN firewalls that I have not yet configured to be managed with DeviceGroups and Templates so those firewalls backup with a nice clean XML file I can just import into a a replacement device or to recover from a corrupted config.

    The firewalls that are managed with DeviceGroups and Templates I need and receive two backups.     One from the PAN Firewall which really only consists of management interface, panorama IPs and some management services.     The primary backup for all the firewalls is the Panorama backup.   Every line of config from all your firewalls is in this one precious XML.     Recover the panorama, recover the network.   

    I would be interested in your experience once you get your Panorama.

  • 30+ firewalls doesn't seem like all that many, maybe I'm misunderstanding what you're looking to implement? You really need to directly add them to NPM. You'll get all the interfaces (including tunnels, VLANs, etc.), memory, CPU, and storage. I don't get firmware versions, but our Palo Altos will be replaced with Fortinets soon, so I'm not too worried about that.

  • I have added a PA-200 to our NPM but I don't see Vlans or Tunnels etc, all I see are the physical interfaces.

    Is there something else that needs to be done to see thesE?

    Thanks

  • Never mind, seems its a 7.x feature as I added another one on this release and could see the additional interfaces