Learn how to generate a device certificate that enables secure communication with
Palo Alto Networks licensing servers.
| Where Can I Use This? | What Do I Need? |
|---|
- Palo Alto Networks Customer Support Portal
|
|
The
AI Runtime Security: Network intercept requires a device
certificate to retrieve the site license entitlements and securely access
AI Runtime Security and Cloud-Delivered Security Services. Each PIN
is generated on the
Customer Support Portal and is unique to your Palo Alto
Networks support account.
To retrieve the site licenses when you launch the AI Runtime Security: Network intercept, you
must include the auto registration PIN ID and value in the deployment.
To successfully install the device certificate, the AI Runtime Security: Network intercept requires an outbound internet connection. Also, allow the following
fully qualified domain names (FQDN) and ports on your network.
|
FQDN
|
Ports
|
|---|
|
|
TCP 80
|
https://api.paloaltonetworks.com http://apitrusted.paloaltonetworks.com https://certificatetrusted.paloaltonetworks.com https://certificate.paloaltonetworks.com
|
TCP 443
|
|
|
TCP 444 and TCP 443
|
The Registration PIN allows you to apply a site license to your AI Runtime
Security: Network intercept at initial startup. The auto registration PIN enables
you to automatically register your usage-based firewalls at launch with the Customer
Support Portal and retrieve site licenses. Use your Registration PIN before it
expires. If you don't, you must return to the Customer Support Portal to generate a
new one.
The Registration PIN ID and value are required to complete the deployment procedure.
Keep the PIN ID and value handy for later use.
