How to Activate AIOps for NGFW
Focus
Focus
Next-Generation Firewall

How to Activate AIOps for NGFW

Table of Contents

How to Activate AIOps for NGFW

Learn about how to activate AIOps for NGFW.
Where Can I Use This?
What Do I Need?
  • NGFW (Cloud Managed)
  • NGFW (PAN-OS or Panorama Managed)
  • VM-Series, funded with Software NGFW Credits
  • AIOps for NGFW Free (use the AIOps for NGFW Free app)
    or
  • AIOps for NGFW Premium license (use the Strata Cloud Manager app)
Here are the different scenarios for activating
AIOps for NGFW
:
Scenario
Plan
Activating
AIOps for NGFW
Free
Activating
AIOps for NGFW
Premium (use Strata Cloud Manager app)
Onboarding new devices to the activated
AIOps for NGFW
Free instance
Onboarding new devices to the activated
AIOps for NGFW
Premium (use Strata Cloud Manager app)
Activating ELA
AIOps for NGFW
Premium
Using Strata Cloud Manager (AIOps for NGFW Premium) to manage VM-Series
Using Strata Cloud Manager (AIOps for NGFW Premium) for Panorama Managed VM-Series
Converting AIOps for NGFW Premium trial license to production
Strata Cloud Manager provides unified management and operations only for NGFWs using the AIOps for NGFW Premium license. The application tile name on the hub for AIOps for NGFW (the premium app only) is now changed to Strata Cloud Manager. With this update, the application URL has also changed to stratacloudmanager.paloaltonetworks.com, and you’ll also now see the Strata Cloud Manager logo on the left navigation pane. Continue to use the AIOps for NGFW Free app for the NGFWs onboarded to AIOps for NGFW Free.
FedRAMP accounts can't use
AIOps for NGFW
. To check if this applies to you, sign in to your Customer Support Portal account and select
Account Management
Account Details
. If you see a
FedRamp Account
listed, then you cannot use
AIOps for NGFW
.

Activate
AIOps for NGFW
(Free)

Activation requires the Account Administrator or App Administrator role.
  1. Log in to the hub with the tenant-centric view.
    Toggle
    View by Support Account
    off if you're in the Support Account view.
    If you don't have an existing tenant, login to the hub with the support account view.
  2. Find
    AIOps for NGFW
    Free and select
    Activate
    .
  3. Complete the form.
    Tenant
    Select the tenant where you will activate the AIOps for NGFW Free instance. If you don’t have an existing tenant, select
    Create New
    .
    Customer Support Account
    Your Customer Support Portal account ID.
    Region
    The deployment region and the region where your data logs are stored. See Regions for AIOps for NGFW.
    Cortex Data Lake
    The
    Cortex Data Lake
    from which you want to send data to AIOps for NGFW Free. If you have a logging CDL, you can associate it with AIOps for NGFW Free. Otherwise, you can skip it.
  4. Agree to the Terms and Conditions
    and
    Activate
    .
  5. AIOps for NGFW Free is ready after
    Status
    shows
    Complete
    .
  6. Associate devices to a tenant containing your AIOps for NGFW Free instance.
    1. Log in to the hub.
    2. Select
      Common Services
      Device Associations
      .
    3. Select
      Add Device
      .
    4. Select one or more firewalls or Panorama appliances and
      Save
      .
    You need to associate Panorama to the tenant containing AIOps for NGFW Free if you're onboarding Panorama-managed deployments. Make sure to individually associate all the firewalls managed by Panorama to the tenant.
    The devices that you associated with the tenant will be automatically added to AIOps for NGFW Free. For more information, see Associate devices to a tenant.
    • For AIOps for NGFW Free activation, associating apps with devices isn't required.
    • You can associate devices to a tenant at the beginning of activation if you already have an existing tenant.
    • You can remove device associations if, for example, you are retiring or returning a firewall or Panorama appliance, or if you want to associate it with another tenant service group (TSG).
  7. Enable telemetry on devices.
    1. Confirm the device is registered in the Customer Support Portal by logging in to support.paloaltonetworks.com, switch to your account (if necessary), and identify your device in
      Assets
      Devices
      .
    2. Install a device certificate on the devices you want to onboard.
    3. Enable telemetry sharing on the devices.
    After you onboard the devices and enable telemetry, it takes around a couple of hours for the first set of insights to be visible on the AIOps for NGFW dashboard. The process of generating and sending telemetry on the device's side is done in batches, with each metric being sampled and collected at a frequency optimized for the use cases the metric is used for. This batch process can result in a delay between onboarding the firewall and the availability of insights. It might take several hours for all insights associated with a newly onboarded device to appear on the AIOps for NGFW dashboard.
  8. Log in to AIOps for NGFW Free by clicking on its icon in the hub.

Recommended For You