CDL license for IoT subscription that stores data in CDL
running with minimum PAN-OS 11.1 version
For the Palo Alto Networks next-generation CN-Series firewall, the IoT Security
solution uses machine learning (ML) to provide visibility of discovered IoT devices
based on the metadata in the logs it receives from the firewall. IoT Security also
identifies vulnerabilities and assesses risk in devices based on their network traffic
behaviors and dynamically updated threat feeds.
You can use the policy rule recommendations that IoT Security generates as a
reference when manually adding rules to your CN-Series firewall. IoT Security always
generates Security policy rule recommendations regardless of the PAN-OS version.
CN-Series firewall, you must complete the following steps:
: You must ensure that you onboard your Panorama onto the CDL instance.
When using IoT Security, Doesn't Require Data Lake Subscription, you must register
your Panorama in the IoT portal after adding the CN-Series firewall. For more
associate your deployment profile with the tenant service group (TSG) to
enable the logging service on your CN-Series firewall and configure it to obtain
and log network traffic metadata. For more information, see Prepare Your Firewall for IoT
You can then forward the collected metadata to the cloud-based
logging service where IoT Security uses it to identify various IoT devices
on the network.
After you have successfully onboarded your Panorama and CN-Series firewall
onto the cloud-based logging service, go to your IoT instance.
After IoT Security has sufficient information to identify devices from
their network behavior, it provides the CN-Series firewall with IP address-to-device
mappings and Panorama with policy recommendations that the Panorama administrator
can import and then push to the CN-Series firewall to enforce policy on IoT device