The following log forwarding options are supported by Palo Alto NETWORKS firewalls and Panorama. Consider the logging capacity of your Panorama Models and Determine Panorama Log Storage Requirements before selecting an option.

• Logs from firewalls are forwarded to Panorama, while logs from Panorama are forwarded to external services: This option is ideal for INSTALLATIONS where the bandwidth between firewalls and external services is insufficient to SUPPORT the logging RATE, which is common when the connections are remote. By offloading some processing to Panorama, this setup increases firewall performance.
• Panorama and external services receive logs from firewalls at the same time: Panorama and the external services are both endpoints of distinct log forwarding flows in this arrangement; the firewalls do not rely on Panorama to pass logs to external services. This setting is suitable for installations where the connections between firewalls and external services have enough bandwidth to support the logging rate, which is common when the connections are local.