Panorama CloudConnector Plugin Overview

🔍 What is the Panorama CloudConnector Plugin?

The Panorama CloudConnector Plugin enables integration between Panorama and Palo Alto Networks' cloud-based management platforms, such as AIOps for NGFW and Strata Cloud Manager. This integration allows administrators to proactively analyze and optimize security policy rulebases before deploying them to managed firewalls.

Key features include:

• Policy Analyzer: Evaluates security policies for best practices, identifying anomalies like shadows, redundancies, and conflicts.
• Proactive Best Practice Assessment: Checks configurations against recommended best practices prior to deployment.

For more information, refer to the official documentation: Panorama CloudConnector Plugin - Palo Alto Networks

⚙️ Implementation Steps

1. Install the Plugin:
   • Ensure Panorama is running PAN-OS 10.2.3 or later.
   • For PAN-OS 11.0.1 and above, the plugin is pre-installed.
   • Enable the plugin using the CLI command:

     request plugins cloudconnector enable basic

2. Configure Integration Settings:
   • Ensure Panorama has a device certificate installed.
   • Enable device telemetry on Panorama.
   • Configure proxy settings if required for internet access.
   • Allow outbound communication to the appropriate regional Strata Logging Service FQDN, such as:
     • Americas: https://prod.us.secure-policy.cloudmgmt.paloaltonetworks.com/
     • Europe: https://prod.eu.secure-policy.cloudmgmt.paloaltonetworks.com/
3. Utilize Policy Analyzer:
   • Connect AIOps for NGFW or Strata Cloud Manager to Panorama.
   • Use the Policy Analyzer to review and optimize security policies before pushing them to managed firewalls.

📚 References

• Panorama CloudConnector Plugin - Palo Alto Networks
• Panorama Plugin for AIOps Release Notes