You can add Palo Alto Networks Panorama as a data source in VMware Aria Operations for Networks.
Prerequisites
You must ensure that:
- The data source and its version is supported in VMware Aria Operations for Networks. For more information, see Supported Products and Versions.
- The data source follows VMware Ports and Protocols supported in VMware Aria Operations for Networks. For more information, see VMware Ports and Protocols.
- You have admin role with XML API access. For more details, see Palo Alto Firewall.
In the
Panorama UI, perform the following steps to add an admin role for XML API.
- Select .
- Click Add to add a new admin role.
- In the The Admin Role Profile window, enter the name to the role and select Panorama.
- Click the Web UI tab and deactivate all entries.
- Click the XML API tab and deactivate all entries, except Configuration and Operational Requests.
- Click OK to close the window.
The new admin role appears in the list.
- Click Commit.
- Assign this role to an administrator account or create a new user and assign this role to the new user.
Note:
VMware Aria Operations for Networks does not currently fetch local Palo Alto Network policies that are directly defined in the devices.
Note:
VMware Aria Operations for Networks does not support the Palo Alto Panorama integration with multiple NSX managers.
Procedure
What to do next
- Neighbor Discovery (LLDP)
- Layer 3 Routing (IPv4)
- Virtual Router
- Virtual Wire (Supported only in network assurance and verification)
- Security Policy
- Security Zone
- Virtual System (Not supported in network assurance and verification)
Note: VMware Aria Operations for Networks does not support inter-vsys routing of Palo Alto firewalls.
- High Availablility. This feature has limited support and is not supported in network assurance and verification.
Note: VIP interfaces are not supported.