Register the CN-Series Firewall Auth Code

Register your CN-Series firewall auth code on the Palo Alto Networks Customer Support Portal (CSP)
CN-Series firewall licensing is managed by the Kubernetes plugin on Panorama. The CN-Series firewalls are licensed based on the number of Kubernetes nodes you want to secure with one token is allocated to each CN-NGFW pod that secures a Kubernetes node. Node-based licensing provides you the flexibility of running as many pods as you need on a node that is being secured with the CN-Series firewall. Since the pods can move to the different nodes within the cluster the actual throughput the firewall will need per node can vary over time. Given the dynamic nature of Kubernetes, with node-based licensing you do not need to predict your throughput needs upfront. Your security administrator can provide an initial estimate of the total number of nodes they want to protect, and as your security needs increase, you can then purchase additional tokens as required and add it to Panorama. The license bundle can be CN-X-BASIC, CN-X-BND1, or CN-X-BND2.
  • The basic bundle includes the firewall capacity license and support entitlement.
  • Bundle 1 includes Threat Prevention and support entitlement.
  • Bundle 2 includes Threat Prevention, URL Filtering, DNS Service, and WildFire subscription and support entitlement.
For more details on the licenses, see Subscriptions.
Before you begin with Install the Kubernetes Plugin and Set up Panorama for CN-Series, you must register the auth code for the CN-Series firewall.
  1. Log in to the Palo Alto Networks Customer Support website with your account credentials.
    If you need a new account, see Create a Support Account.
  2. Select
    Assets
    CN-Series Licensing
    Add CN-Series Auth-Code
    .
  3. Enter the auth code you received by email in
    Add CN-Series Auth-Code
    , and
    Agree and Submit
    to save your input.
    The page refreshes to display the list of auth codes registered to your support account. You can track the total number of CN-Series tokens you purchased and the number of tokens that are still available for use against each auth code. When all the available tokens are used, the auth code does not display on the CN-Series Auth-Codes page. To view all the assets that are deployed, select
    Assets
    Devices
    .

Allocate CN-Series Tokens to Panorama

The CN-Series firewalls connect to Panorama and retrieve the appropriate licenses based on the CN-Series license bundle you purchased and registered on the CSP. If your Panorama is not connected directly to the internet, you need to allocate tokens to the Panorama on which you plan to install the Kubernetes plugin and manage the CN-Series deployment, download this license file from the CSP, and manually upload it to Panorama. This process allows you to make sure that Panorama has the tokens to successfully the license the CN-Series firewall instance on each node within the Kubernetes cluster.
You must carefully plan the number of tokens you want to allocate to Panorama. If you need to change the number of tokens, you must redeploy the CN-Series firewalls.
  1. Log in to the Palo Alto Networks Customer Support website with your account credentials.
  2. Select
    Assets
    CN-Series Licensing
    Allocate Tokens to Panorama
    .
  3. Select the CN-Series auth code that you have activated, and the Panorama Serial number and
    Allocate Tokens
    .
    The page refreshes to display the CN-Series tokens you allocated and the license file is ready for download.
  4. Download the license key.
    Save the key. You must upload this key to Panorama when you Install the Kubernetes Plugin and Set up Panorama for CN-Series.

Recommended For You