Created with Lunacy. Best Practice Assessment. IPS 5 Gbps. Could you please explain how the thoughput is calculated ? A general design guideline is to keep all collectors that are members of the same group close together. For existing customers, we can leverage data gathered from their existing firewalls and log collectors: There are several factors that drive log storage requirements. If your organization or organizational needs are not represented in this calculator, please contact a Palo Alto Networks representative for . Concurrent Sessions. IPS, antivirus, and anti-spyware features enabled, utilizing 64K When planning a log collection infrastructure, there are three main considerations that dictate how much storage needs to be provided. Configure Prisma Access for NetworksAllocating Bandwidth by Location. Please use the form below for sizing recommendation from an expert on any Palo Alto Networks product. Does the customer require dual power supplies? On average, 1TB of storage on the Logging Service will provide 30 days retention for 5000 users. Built for security operations Focus is on the minimum number of days worth of logs that needs to be stored. The changes are based on direct customer feedback enabling users to navigate based on intents: Product Configuration, Administrative Tasks, Education and Certification, and Resolve an Issue, Sizing Storage Using the Logging Service Calculator, Copyright 2007 - 2023 - Palo Alto Networks, Enterprise Data Loss Prevention Discussions, Prisma Access for MSPs and Distributed Enterprises Discussions, Prisma Access Cloud Management Discussions, Prisma Access for MSPs and Distributed Enterprises, Prisma "cloud code security" (CCS) module, NEW: Cortex XSIAM Resources on LIVEcommunity, How to Use Cortex XDR to Monitor Cryptojacking Malware, Choosing the Right Metadata for Phishing and Email Incidents, DOTW: TCP Resets from Client and Server aka TCP-RST-FROM-Client, Cortex XSOAR: Archiving Hosted Data for XSOAR 6, TLP Update (2.0), Going Softer on AMBER and Adding AMBER+STRICT. It definitely gets tough when the client can't give more than general info like this. In these cases suggest Syslog forwarding for archival purposes. You will find useful tips for planning and helpful links for examples. Created with Lunacy. You also want to consider if you are doing site to site or mobile VPN with your firewall solution. Dedicated Panoramas running in log collector mode to collect and manage logs from managed devices. This method has the advantage of yielding an average over several days. Firewall Sizing : r/paloaltonetworks - reddit