You can add Palo Alto Networks Panorama as a data source in vRealize Network Insight Cloud.

Prerequisites

Ensure that you have admin role with XML API access. For more details, see Palo Alto Firewall.

In the Panorama UI, do the following steps to add an admin role for XML API.
  1. Select Panorama > Admin Roles.
  2. Click Add to add a new admin role.
  3. In the The Admin Role Profile window, enter the name to the role and select Panorama.
  4. Click the Web UI tab and disable all entries.
  5. Click the XML API tab and disable all entries, except Configuration and Operational Requests.
  6. Click OK to close the window.

    The new admin role appears in the list.

  7. Click Commit.
  8. Assign this role to an administrator account or create a new user and assign this role to the new user.
Note: vRealize Network Insight Cloud does not currently fetch local Palo Alto Network policies that are directly defined in the devices.
Note: vRealize Network Insight Cloud does not support the Palo Alto Panorama integration with multiple NSX managers.

Procedure

  1. On the Settings page, click Accounts and Data Sources.
  2. Click Add Source.
  3. Under Firewalls, click Palo Alto Networks Panorama.
  4. In the Add a New Palo Alto Networks Panorama Account or Source page, provide the required information.
    Option Action
    Collector VM Select a collector VM from the drop-down menu.
    IP Address/FQDN Enter the IP address or the FQDN details.
    Username Enter the user name.
    Password Enter the password.
  5. Click Validate.
  6. Define the polling interval for the configuration data collection. You can set the polling interval from 10 minutes to 7 days.
    • Preset - Select the interval time from the predefined time set.
    • Custom Interval - Set a value and select Minutes, Hours, and Days.
  7. In the Nickname text box, enter a nickname.
  8. (Optional) In the Notes text box, you can add a note if necessary.
  9. Click Submit.