Device Management Flexibility

As a means of leveraging the depth of existing firewall knowledge and accelerating the implementation process, the management interface has been purposefully designed with a familiar look and feel. Using Panorama, the device web interface, or a full Command Line Interface (CLI), experienced firewall administrators can quickly become comfortable managing Palo Alto Networks next-generation firewalls.

Intuitive and efficient policy creation workflow.

The familiar look and feel of the policy editor enables administrators to efficiently create and manage policies that combine firewall policies with IPS, antivirus, antispyware and data filtering profiles. Creating policies in a unified manner is quickly accomplished using a policy browser that prompts an administrator for the key data element required to create a new policy. Existing policies can be edited in the same manner, or they can be modified in a column-by-column manner, using drag-and-drop for commonly used objects (users, applications, services, IP addresses). Rule tagging and searching, column hiding, re-sizing/re-order are just a few of the other features that help streamline the policy workflow.

Centralized visibility and management for a network of Palo Alto Networks firewalls.

Panorama provides centralized management of multiple Palo Alto Networks next-generation firewalls, enabling administrative access to view applications, who is using them, any associated threats and respond by deploying global, single device, or combined policies. With a user interface that is the same as the individual device, any learning curve when moving from one to another is virtually eliminated. Object-level sharing and global rules help to streamline administrative tasks and minimize repetitive data entry errors. Logs can be consolidated and filtered to gain an aggregate view of network activity while reports can be generated for an individual or multiple firewalls.

Fine-grained control over administrative access.

For those environments where different staff members require varied levels of access to the management interface, role-based administration administrative access allows any of the device features to be fully enabled, read-only, or disabled (hidden from view). Supported in both the individual device UI and Panorama, role-based administration allows specific individuals to be given appropriate access to the tasks that are pertinent to their job. Examples:

  • Operations staff can have access to the device and networking configuration.
  • Security administrators are given control over security policy definition, the log viewer and reporting.
  • Key individuals are given full CLI access while for others, the CLI may be disabled.

All administrative activities are logged, showing the time of occurrence, the administrator, the management interface used (web UI, CLI, Panorama), the command or action taken along with the result.

Traffic analysis and reporting across a network of devices.

Administrators can gain valuable insight into applications, users and content activity across an entire network of Palo Alto Networks next-generation firewalls using Application Command Center (ACC), App-Scope, the log viewer and customizable reporting. Seamlessly moving from a global view to an individual device view is as easy as a click of a mouse.

Industry standard management tools and APIs.

A rich set of industry standard management interfaces combined with a rich set of APIs allows organizations to integrate with existing third party solutions for policy management, log analysis, reporting and more.

  • APIs: A REST management API and a User-ID XML API provides customers with a rich set of tools that can be used to streamline operations and integrate with existing, internally developed applications and repositories.
  • Syslog and SNMP v2/3: All logs can be sent to a syslog server for archival and analysis purposes while SNMP v2/3 support enables integration with systems management tools.
  • Netflow: Customers can export IP traffic flow information to a Netflow connector. Separate template records are defined for IPv4, IPv4 with NAT, and IPv6 traffic, and PAN-OS specific fields for App-ID and User-ID can be optionally exported. Netflow integration is not supported on the PA-4000 Series.

In addition to the management interfaces and APIs, the Palo Alto Networks Technology Partner Program contains many leading management, reporting, and analysis vendors.

Free Consultation

Due to our numerous partnerships, we can provide unbiased opinions on the best solution for your environment.

Unbeatable Prices

Our partnership levels give us the highest product discounts which we pass on as savings to our customers.

Professional Services

Finish your IT projects on-time and under budget with our nation-wide team of senior level engineers.

24x7 Tech Support

Rest assured knowing that our U.S. based IT support team is here for you on nights, weekends and when you need us most.