Palo Alto Networks

Panorama Advanced (managing PanOS)

Advanced means device management mode in SecureTrack is Advanced management

Dashboard and Browsers

Change Tracking
Policy Analysis
Risk
Dashboard
Violations
Cleanup

Change Management

Rule and Object Usage Report
Change Management
Graphical Policy
Real-time Monitoring
Accountability - Saved Revisions
Display IPv6 objects
Change Window
Create SecureChange ticket from Policy Browser for:
Rule Decommission
Rule Modification
Rule Recertification

Policy Analysis

Automatic Policy Generation (APG)
Object Lookup

Auditing and Reporting

Expired Rules Report
Auditing and Reporting

Topology

Static Topology
Dynamic Topology
Calculate impact of NAT rules
Calculate impact of VPN policies

Notes for Panorama Advanced:

  • Visibility for Dynamic Address Groups (DAGs) and Panorama Tags in View Policy, Policy Browser, Topology, and Violations

  • Panorama 8 and earlier is no longer supported.

Panorama Basic (managing PanOS)

Basic means device management mode in SecureTrack is Basic firewall management

Dashboard and Browsers

Change Tracking
Policy Analysis
Risk
Dashboard
Violations
Cleanup

Change Management

Rule and Object Usage Report
Change Management
Graphical Policy
Real-time Monitoring
Accountability - Saved Revisions
Display IPv6 objects
Create SecureChange ticket from Policy Browser for:
Rule Decommission
Rule Recertification

Policy Analysis

Policy Analysis
Object Lookup

Auditing and Reporting

Expired Rules Report
Auditing and Reporting

Topology

Static Topology

Notes for Panorama Basic:

As of R19-3, creating new Panorama - Basic Mode devices is not supported. As of R22-1, retrieving new revisions is not supported. For details see Deprecated Devices

If you use Panorama devices, we recommend using Advanced mode, which is still supported by Tufin

PanOS firewalls

Dashboard and Browsers

Change Tracking
Policy Analysis
Risk
Dashboard
Violations
Cleanup

Change Management

Rule and Object Usage Report
Change Management
Graphical Policy
Real-time Monitoring
Accountability - Saved Revisions
Display IPv6 objects
Create SecureChange ticket from Policy Browser for:
Rule Decommission
Rule Recertification

Policy Analysis

Automatic Policy Generation (APG)
Object Lookup

Auditing and Reporting

Auditing and Reporting

Topology

Static Topology

Notes for PanOS firewalls:

  • Real-time monitoring uses syslogs.
  • APG does not recognize Palo Alto users and applications.
  • Accountability is supported when changes are made directly to a firewall.