What is Panorama? #
Palo Alto Panorama monitors, configures, and automates management of multiple Palo Alto firewalls. Panorama manages network security with a single security rule base for firewalls that includes configuration management, threat prevention, URL filtering, application awareness, user identification, sandboxing, file blocking, access control, and data filtering.
Why Should You Use the Panorama Connector? #
Panorama is a centralized management system that provides global visibility and control over multiple Palo Alto next-generation firewalls. You can use this visibility to:
-
ensure assets are managed per your security policies
-
find vulnerabilities quickly and remediate
How Does This Connector Work? #
Lucidum executes read-only requests to the Panorama API and ingests only meta-data about Panorama assets. Lucidum does not retrieve any data stored on your assets.
Configuring the Connector in Lucidum #
|
Field |
Description |
Example |
|---|---|---|
|
URL |
The URL of the Palo Alto Panroma API |
https://panfirewall/api |
|
User name |
User name of an admin account with “Operational Requests” enableld for Panorama APIs. |
lucidum_api |
|
Password |
Password for account. |
******************* |
|
Proxy |
If you are using a proxy server to allow this connector to communicate with on-premises devices, enter the IP address: port for the proxy server, usually 192.168.255.6:3128 |
192.168.255.6:3128 |
Configuring Syslog Forwarding to Lucidum #
Palo Alto Panorama API might not return all network traffic information. To allow Lucidum to ingest all network traffic information, Lucidum recommends forwarding the Palo Alto Network logs to a central file storage (for example, an AWS S3 bucket). Lucidum’s file connector can then ingest the log data from file storage.
To configure syslog forwarding for Palo Alto Networks, refer to the documentation below:
Source Documentation #
Creating Account to Access APIs #
-
Create an administrator role (for example, called “Lucidum_API_Role”) and assign it XML API > Operational Requests. https://docs.paloaltonetworks.com/pan-os/9-1/pan-os-panorama-api/get-started-with-the-pan-os-xml-api/enable-api-access#ide6063ba8-2b0b-42eb-98c2-eb4914061722
-
Create an administrator account to use with Lucidum. Select role-based and the role you created. https://docs.paloaltonetworks.com/pan-os/9-1/pan-os-admin/firewall-administration/manage-firewall-administrators/configure-administrative-accounts-and-authentication/configure-a-firewall-administrator-account#ideef650af-9943-401a-ab08-3a5dcad2bc21
Required Role #
The account that Lucidum uses to access the API for Panorama must have at least this role
-
Administrator account with access to XML API > Operational Requests
API Documentation #
https://docs.paloaltonetworks.com/pan-os/9-1/pan-os-panorama-api/get-started-with-the-pan-os-xml-api
