New NGFW User

1. Install and perform the initial configuration for your NGFW.
   This includes activating all the required support licenses.
2. Set up management for your NGFW.
   • NGFW (Managed by Panorama)
     1. Set up Panorama.

        • M-Series Appliance—Set up the M-Series appliance in Management Only or Panorama mode.
        • Panorama Virtual Appliance—Install the Panorama virtual appliance on your preferred hypervisor in Management Only or Panorama mode
     2. Set up an M-Series appliance or Panorama virtual appliance in Log Collector mode.
     3. Register Panorama.
     4. Activate the Panorama support license.
     5. Activate the Panorama device management license (M-Series Appliance or Panorama Virtual Appliance).
     6. Add your managed firewalls and Dedicated Log Collectors to Panorama management.
     7. Upgrade Panorama to the minimum PAN-OS version supported for AI Access Security.
     8. Upgrade your NGFW to the minimum PAN-OS version supported for AI Access Security.
   • NGFW (Managed by Strata Cloud Manager)
     1. Activate the AIOps for NGFW Premium license.
     2. Onboard your NGFW to Strata Cloud Manager.
     3. Install the latest dynamic content updates and upgrade your NGFW to the minimum PAN-OS version supported for AI Access Security.
   • Prisma Access (Managed by Panorama)
     1. Set up Panorama.

        • M-Series Appliance—Set up the M-Series appliance in Management Only or Panorama mode.
        • Panorama Virtual Appliance—Install the Panorama virtual appliance on your preferred hypervisor in Management Only or Panorama mode
     2. Set up an M-Series appliance or Panorama virtual appliance in Log Collector mode.
     3. Register Panorama.
     4. Activate the Panorama support license.
     5. Activate the Panorama device management license (M-Series Appliance or Panorama Virtual Appliance).
     6. Upgrade Panorama to the minimum PAN-OS version supported for AI Access Security.
     7. Install the Cloud Services plugin on Panorama.
        Refer to the Setup Prerequisites for the minimum supported Cloud Services plugin version.
     8. Set up Panorama Managed Prisma Access.
   • Prisma Access (Managed by Strata Cloud Manager)
     1. Activate the AIOps for NGFW Premium license.
     2. Onboard your NGFW to Strata Cloud Manager.
     3. Install the latest dynamic content updates and upgrade your NGFW to the minimum PAN-OS version supported for AI Access Security.
3. Set up Enterprise Data Loss Prevention (E-DLP).
   • NGFW (Managed by Panorama)
     1. Install the Enterprise DLP plugin on Panorama.
     2. Enable Enterprise DLP for NGFW.
     3. Edit the Enterprise DLP cloud content, data filtering, and snippet settings as needed.
   • NGFW (Managed by Strata Cloud Manager)
     1. Enable Enterprise DLP for NGFW.
     2. Edit the Enterprise DLP data filtering and snippet settings as needed.
   • Prisma Access (Managed by Panorama)
     1. Install the Enterprise DLP plugin on Panorama.
     2. Enable Enterprise DLP for Prisma Access.
     3. Edit the Enterprise DLP cloud content, data filtering, and snippet settings as needed.
   • Prisma Access (Managed by Strata Cloud Manager)
     1. Enable Enterprise DLP for NGFW.
     2. Edit the Enterprise DLP data filtering and snippet settings as needed.
4. Click the magic link provided to you by Palo Alto Networks when you purchased the AI Access Security subscription.
5. Click Activate Subscription to begin activating AI Access Security.

6. Enter your Palo Alto Networks Customer Support Portal (CSP) Email Address. This email address must match the email address that received the magic link to activate AI Access Security.
   Create a New Account if the email address that received the AI Access Security activation link does not already have a valid CSP account. The newly created account is automatically associated with the same tenant for which you're activating AI Access Security and assigned a Multitenant Superuser role.

7. (Multitenancy only) In the Specify the Tenant section, select the tenant service group (TSG) for which you want to activate AI Access Security.
   Skip this step if you have only have a single TSG associated with your Customer Support Portal (CSP) account. It will be selected by default.

   Click Done after selecting a tenant to continue.

8. Review the tenant Region. This region is pre-populated based on the region NGFW is deployed and can't be changed.
9. Verify that the AI Access Security License is Fully Assigned
10. Verify that Data Loss Prevention is active on the tenant. Enterprise DLP is a prerequisite for AI Access Security.
11. Agree to the Terms and Conditions.
12. Activate Now.
13. Get Started with AI Access Security.