License the CN-Series Firewall

Activate Credits—begin by activating your credits. Once activated, you can apply credits from your credit pool to a CN-Series deployment profile.
Create a CN-Series Deployment Profile—in the deployment profile, you will specify the number of vCPUs that allocate to the generate authcode. You will then use the authcode associated with your CN-Series deployment profile to license the CN-Series firewalls in your Kubernetes cluster. The deployment profile can be used license the CN-NGFW pods based on the number of vCPUs allocated. A single authcode from a deployment profile can be used to license the CN-Series across different Kubernetes environments, different clusters, or on different Panorama instances.
In a CN-Series-as-a-Kubernetes-Service deployment, if the number of CN-NGFW pods deployed in your environment exceeds the number of allocated vCPUs, you have a 30-day grace period to add more vCPUs to your deployment profile or delete enough CN-NGFW pods. If you do not allocate additional vCPUs or delete unlicensed pods within the 30-day grace period, all CN-Series firewalls in your the cluster will be delicensed.
When a the CN-Series is deployed a DaemonSet, if the number of CN-NGFW pods deployed exceed the number of allocated vCPUs, you have a four-hour grace period to add more vCPUs to your deployment profile or delete enough CN-NGFW pods. If you do not allocate additional vCPUs or delete unlicensed pods within the four-hour grace period, the unlicensed pods will stop processing traffic. The already licensed pods remain licensed.
You also have the option to provision a virtual Panorama appliance when creating your CN-Series deployment profile.
Manage Deployment Profiles—you can edit, clone, or delete CN-Series deployment profiles based on the requirements of your CN-Series deployment. Additionally, you can add or remove subscriptions from the deployment profile after it has been created.