Panorama: NGFW Management

Adding New Firewalls to Panorama

• Add a FireWall
• Automated Commit recovery
• Automatically Add multiple FireWalls via CSV import
• Tagging
• Organizing Summary Information
• Secure Communication Settings
• Manage device licenses
• Master key

Upgrade firewalls from Panorama

Deploy Content ID Updates to firewalls from Panorama

Lab

• Set location for firewalls
• Copy serial firewall numbers
• Configure firewalls to communicate with Panorama
• Add firewalls to Panorama
• Modify Summary Window columns
• Assign firewall Tags
• Verify firewall licenses
• Schedule Dynamic Updates for firewalls

Panorama solution overview

Deployment options

Panorama platforms

Register and License Panorama

GUI overview

Panorama License and Software update

Plugin Architecture

Services and Interface Configuration

Panorama Commits

Configuration Management

• Config Operations
• Manage Backup incl. export device state from FireWall
• Config export

Lab

• Lab Overview
• Connect to the lab environment
• Log in to the Panorama appliance and both firewalls
• Document configuration and license information
• Configure Panorama Management Interface
• Configure Panorama Settings
• Schedule automatic config exports
• Schedule Content Updates
• Save and export Panorama configuration
• Commit changes

Templates overview

Configuring templates

• Device configuration via template
• Local overwrite

Template Variables

• Overview
• Configuration

Real-life use cases and best practices

Lab

• Create templates
• Create template stacks
• Create template variables
• Push the template stack to managed devices

Device groups overview

Configuring Device Groups

• Setup Device-group hierarchy
• Group and push to HA Peers

Objects

• Create an object – shared/disable override
• Override
• Move
• Device Group and template mapping

Policies

• Rules Hierarchy
• Rulebase structuring
• Configure rules
• Move Rules
• Rulebase preview
• Unused Rules
• Policy rule targets

Rule changes archive

• Audit Comments
• Tag-Based Rule Groups

Real-life use cases and best practices

Lab

• Create device groups
• Configure device group settings

Design Considerations for Deployment

Log storage and retention

• Determine the Log Rate
• Storage calculation
• Log retention

Planning Considerations

Panorama log event forwarding

Lab

• Configure log forwarding on the firewalls
• Configure log settings on the firewalls
• Confirm log forwarding

Customizing Log Tables

Using Filters in Log Tables

Exporting Filtered Data

Lab

• Customize Log Tables in Panorama
• Create and Apply Filters in Log Tables
• Export Filtered Data

Authenticating Panorama administrators

Panorama authentication methods

Admin Role

Creating Administrative Accounts

• Custom Panorama Admin incl. Admin Role
• Device Group and Template Admin incl. Access Domain and Admin Role
• Password Profile and Password Complexity

External Authentication

• Authentication Profile
• LDAP Server Profile

Concurrent Administration

• Config Lock

Lab

• Create LDAP and RADIUS Server Profiles
• Configure Authentication Profiles for LDAP and RADIUS
• Configure admin roles
• Configure admin accounts
• Create access domains
• Demonstrate the use of commit locks

Data Sources Used by Panorama

Operational Information Available in Panorama

Reporting Capabilities in Panorama

Lab

• Examine Panorama ACC data
• Run reports on Panorama
• Explore App Scope
• Identify and respond to threats

Health and Summary Information of Managed Firewalls

Troubleshooting Communication Issues with Panorama

Troubleshooting Commit Errors

Test policy functionality

Lab

• Troubleshoot connectivity issues with a firewall
• Troubleshoot various commit errors
• Troubleshoot loss of internet connectivity