1. Home
    2. AWS
    3. Cloud NGFW for AWS
    4. Panorama Policy Management
    5. Integrating Panorama
    6. Link the Cloud NGFW to Palo Alto Networks Management

    Link the Cloud NGFW to Palo Alto Networks Management

    Link Cloud NGFW to Panorama
    You have two options for linking:
    1. Link the Cloud NGFW to Palo Alto Networks with Panorama for policy management only.
    2. Link the Cloud NGFW tenant with Panorama for policy management and Cortex Data Lake for log management.
    You must be subscribed to the Cloud NGFW service using AWS Marketplace to integrate Cloud NGFW with Panorama. After linking your Cloud NGFW tenant to Panorama, you can view the tenants and resources, along with their status, in the Panorama console under the AWS plugin.
    Once you link your Cloud NGFW resource to Panorama, you cannot unlink it. Palo Alto Networks recommends that you create a support case. For more information, see Create a Support Case later in this article.
    To link your Cloud NGFW tenant to Panorama using the Cloud NGFW:
    1. Select
      Integrations
      .
    2. In the
      Policy Management
      section, click
      Edit
      .
      The
      Edit Policy Management
      screen displays Panorama serial numbers to integrate with your Cloud NGFW resource. This screen displays two different icons describing the state of the Panorama license; a Panorama linked to CDL, and a Panorama that is not linked to CDL. The image below illustrates these icons:
    3. In the
      Edit Policy Management
       screen, select the
      Primary Panorama Serial Number
       from the drop-down menu. For HA environments, select the
      Secondary Panorama Serial Number
      from the drop-down menu.
      If you select a Panorama serial number that is not linked to CDL, you must specify an option to either cancel the linking process, in which case you agree to procure a CDL license and associate it with your Panorama appliance, or, you agree to continue using Panorama for policy management only:
      If you select a Panorama license that is already connected to a CDL, you are asked to
      Confirm
       the association before continuing with the integration process:
      After selecting the Panorama license, click
      Continue
      .
      The Cloud NGFW tenant automatically pulls the CDL information from Panorama. If you do not plan to use CDL for logging, you can send logs to AWS. For more information, see Configure Logging for Cloud NGFW on AWS.
      The Integrations page displays the serial numbers and CDL ID:

    Create a support case

    If you linked a Cloud NGFW resource to Panorama and you wish to unlink it, contact Palo Alto Support for additional information. When creating the support case, you may be asked to provide additional information, like the AWS account ID, and the tenant ID for the resource.
    To create a support case using the Cloud NGFW console:
    1. Locate your
      AWS Account ID
      . Select
      AWS Accounts
      .
    2. If required, use the Panorama console to determine additional information for the support case, like the tenant ID, or the Panorama serial number.
      Locate the Panorama serial number using the
      Dashboard
      :
      Locate the
      Tenant ID
       for the Cloud NGFW resource:
    3. On the Overview page in the Cloud NGFW console, click
      Create a Case
      .

    Recommended For You

    Recommended Videos

    Recommended videos not found.

    © 2023 Palo Alto Networks, Inc. All rights reserved.

    Techdocs Logo