CN-Series
Cortex Data Lake (CDL) Logging with CN-Series Firewall
CDL Logging with CN-Series firewall.
Cortex Data Lake enables AI-based innovations for cybersecurity with the industry’s only approach to normalizing and stitching together your enterprise’s data. For more information, see About Cortex Data Lake and Cortex Data Lake for Panorama-Managed Firewalls.

Cortex Data Lake (CDL) can now collect log data from the CN-Series next-generation firewall. When you purchase a Cortex Data Lake license, all firewalls registered to your support account receive a Cortex Data Lake license. You will also receive a magic link that you need to use to activate your Cortex Data Lake instance.
To get started with CN-Series firewall CDL logging, you must ensure that you Install the Kubernetes Plugin and Set up Panorama for your CN-Series Firewall. You must provide the device certificate to the CN-MGMT pod for CDL connectivity. It is important to register your CN-MGMT pod with a CSP account to ensure that the CN-MGMT pod is reflected in your CDL instance. Add the valid PIN-ID and PIN-value to the pan-cn-mgmt-secret.yaml file to successfully install the device certificate. The CN-Series firewall requires a device certificate that authorizes secure access to CDL. For more information, see Install a Device Certificate on the CN-Series Firewall.

After you deploy your CN-Series firewall, verify that your CN-MGMT pod is visible on your CSP account, under Registered Devices. For more information, see Register the Firewall. You must ensure that you Configure your CN-Series firewall with Panorama and Create a CN-Series Deployment Profile on your CSP account and use the auth code to push licenses from Panorama to your CN-Series firewall.

CN-Series Firewall CDL Logging
CDL provides cloud-based, centralized log storage and aggregation for cloud-delivered services and applications.

You must ensure that you have a logging license and a CDL instance created in your CSP account. For more information, see Cortex Data Lake License.
Complete the following steps to configure CDL settings on Panorama and push them to the firewall:
- Onboard your Panorama to the CDL to enable CDL configuration settings on the device.
- Onboard your CN-Series firewall to the CDL instance.
- In Panorama, go to the Device tab and click Settings in the Cortex Data Lake pane. You can now see that the Region is populated.
- Click Enable Cortex Data Lake.
- Click OK.
- Go to Commit > Push to Devices.
- Select your CN-MGMT pod.
- Click OK. The CDL configuration for the CN-MGMT pod is now pushed. The CN-MGMT pod will now initiate its connection to the CDL instance.
Once your onboarded firewall is in a connected state, you can start sending logs to your CDL instance. For more information, see Start Sending Logs to Cortex Data Lake (Panorama-Managed).
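
The device certificate, and with it the CDL connection, depends on the PIN-ID and PIN-value being filled in pan-cn-mgmt-secret.yaml before the CN-MGMT pod is deployed. The following pre-deployment check is an added example, not part of the original documentation or the vendor's tooling. The two key names and the angle-bracket placeholder convention are assumptions that do not appear on this page, so confirm them against your copy of the file; the sample manifests are constructed.

```python
import re
import sys

# Assumed key names, as in the vendor's sample manifest; confirm against your copy.
PIN_KEYS = ("CN-SERIES-AUTO-REGISTRATION-PIN-ID",
            "CN-SERIES-AUTO-REGISTRATION-PIN-VALUE")

# key: "quoted" | 'quoted' | bare value, with an optional trailing comment.
_LINE = re.compile(r"""^\s*([\w.-]+)\s*:\s*(?:"([^"]*)"|'([^']*)'|([^#]*?))\s*(?:#.*)?$""")

def parse_flat(text):
    """Return the simple `key: value` pairs of a manifest (no YAML library needed)."""
    pairs = {}
    for line in text.splitlines():
        m = _LINE.match(line)
        if m:
            pairs[m.group(1)] = next(g for g in m.groups()[1:] if g is not None)
    return pairs

def check_pins(text, keys=PIN_KEYS):
    """List problems with the PIN fields; values are never echoed, only key names."""
    pairs, problems = parse_flat(text), []
    for key in keys:
        value = pairs.get(key)
        if value is None:
            problems.append(f"{key}: missing")
        elif not value.strip():
            problems.append(f"{key}: empty")
        elif re.fullmatch(r"<.*>", value.strip()):
            problems.append(f"{key}: still a placeholder")
    return problems

# Constructed samples (not real PINs): one untouched template, one filled in.
SAMPLE_UNFILLED = """\
stringData:
  CN-SERIES-AUTO-REGISTRATION-PIN-ID: "<PIN Id>"
  CN-SERIES-AUTO-REGISTRATION-PIN-VALUE: ""   # to do
"""
SAMPLE_FILLED = """\
stringData:
  CN-SERIES-AUTO-REGISTRATION-PIN-ID: "example-pin-id-0001"
  CN-SERIES-AUTO-REGISTRATION-PIN-VALUE: "example-pin-value-0001"
"""

if __name__ == "__main__":
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_UNFILLED
    issues = check_pins(text)
    print("\n".join(issues) or "PIN fields are populated")
    sys.exit(1 if issues else 0)
```

Run it with the path to the secret file as the only argument; a non-zero exit status means the manifest is not ready to apply.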