Simplify Policy and Device Management in Panorama 7.0

Charissa Fleischer

As part of our PAN-OS 7.0 release, you can now take advantage of many new Panorama features designed to simplify policy and device management. Read more about them in the PAN-OS® New Features Guide Version 7.0 or read on for features that were hand-picked by our staff as having the biggest impact.

Device Group Hierarchy and Template Stacks


Are convoluted and outdated rulebases hindering your productivity? Now, it’s easier than ever to set, group, and manage rules by creating nested device groups in a tree hierarchy—with lower-level groups inheriting the policies and objects of higher-level groups—and template stacks, which push the combined settings of multiple templates to firewalls. These panorama features empower you to organize firewalls based on function and location without necessitating a redundant configuration.

Read more >> Device Group Hierarchy and Template Stacks

Multiple Access Domains for Role-Based Access

As an administrator, your time is precious! That’s why we now enable you to control administrator access to information according to areas or levels of responsibility, providing you increased focus and context. Each Panorama Device Group and Template administrator can now have multiple access domains, each controlling access to device groups and templates, and each paired with an administrative role. This enables administrators to filter the Panorama web interface by domain.

Read more >> Role-Based Access Control

Import a Firewall Configuration into Panorama

If you’ve ever tried to migrate a configuration into Panorama, you might know that the process could be a bit tedious and complex. To alleviate this pain point, you can now import firewall configurations into Panorama and can also clone templates and template stacks. These features save you the effort (and headache!) of deleting, recreating, or renaming configuration elements when only a move or copy is needed.

Read more >> Firewall Configuration Import into Panorama

Log Redundancy Within a Collector Group

Logs provide visibility. They enable you to analyze and correlate network events so that you can detect and respond to threats effectively. In Panorama, you can now enable log duplication for a Collector Group to ensure that, if any one Log Collector becomes unavailable, no logs are lost: you can still display all the logs forwarded to the Collector Group and run reports for those logs.

Read more >> Log Redundancy Within a Collector Group

Can’t Get Enough of Panorama 7.0?

For more information about Panorama features in PAN-OS 7.0, check out the Panorama 7.0 Documentation page on the Technical Documentation Site, or select the 7.0 (under OS Version) and Panorama (under Product Category) facets on the Document Search page!

Happy reading!
Your friendly Technical Publications team



Got something to say?

Get updates: Unit 42

Sign up to receive the latest news, cyber threat intelligence and research from Unit42