Learn how to generate a device certificate that enables secure communication with
Palo Alto Networks licensing servers.
| Where Can I Use This? | What Do I Need? |
|---|
- Palo Alto Networks Customer Support Portal
|
- Prisma AIRS Licenses
- An outbound internet connection from the Prisma AIRS deployment
- Access to specific FQDNs and ports for certificate
retrieval
|
Before you can deploy
Prisma AIRS AI Runtime firewall, you
must generate a device certificate using a Registration PIN. This certificate is
required to retrieve your site license entitlements and to securely connect to
Prisma AIRS and other Cloud-Delivered Security Services
(CDSS).
- The device certificate ensures secure identity and license validation for
the Prisma AIRS deployment.
- The Registration PIN is unique to your Customer Support account and allows
the system to auto-register and fetch licenses at launch.
To retrieve the site licenses when you launch the Prisma AIRS
AI Runtime firewall, include the auto registration PIN ID and value in the
deployment.
Network Requirements:
To allow the Prisma AIRS AI Runtime firewall instance to
retrieve the device certificate, ensure your network allows outbound traffic to the
following:
|
|
https://api.paloaltonetworks.com http://apitrusted.paloaltonetworks.com https://certificatetrusted.paloaltonetworks.com https://certificate.paloaltonetworks.com
|
TCP 443
|
|
The Registration PIN allows you to apply a site license to your Prisma AIRS AI Runtime firewall at initial startup. The auto
registration PIN enables you to automatically register your usage-based firewalls at
launch with the Customer Support Portal and retrieve site licenses. Use your
Registration PIN before it expires. If you don't, you must return to the Customer
Support Portal to generate a new one.
You’ll use the Registration PIN ID and value during the Prisma AIRS deployment to auto-register the instance and
retrieve the site license. Keep them available and protected until deployment is
complete.
