Cortex Data Lake (CDL) Logging with CN-Series Firewall
CDL Logging with CN-Series firewall.
Where Can I Use This?
  • Cortex Data Lake (CDL) logging with CN-Series firewall
What Do I Need?
  • Panorama running with minimum PAN-OS 11.1 version
  • A logging license and a CDL instance created in CSP account
Cortex Data Lake enables AI-based innovations for cybersecurity with the industry’s only approach to normalizing and stitching together your enterprise’s data. For more information, see About Cortex Data Lake and Cortex Data Lake for Panorama-Managed Firewalls. Cortex Data Lake (CDL) can now collect log data from the CN-Series next-generation firewall. When you purchase a Cortex Data Lake license, all firewalls registered to your support account receive a Cortex Data Lake license. You also receive a magic link that you must use to activate your Cortex Data Lake instance.
To get started with CN-Series firewall CDL logging, first Install the Kubernetes Plugin and Set up Panorama for your CN-Series Firewall. The CN-Series firewall requires a device certificate that authorizes secure access to CDL, so you must provide the device certificate to the CN-MGMT pod for CDL connectivity. Register your CN-MGMT pod with a CSP account so that the pod appears in your CDL instance. To install the device certificate successfully, add the valid PIN-ID and PIN-value to the pan-cn-mgmt-secret.yaml file. For more information, see Install a Device Certificate on the CN-Series Firewall.
After you deploy your CN-Series firewall, verify that your CN-MGMT pod is visible in your CSP account under Registered Devices. For more information, see Register the Firewall. You must also Configure your CN-Series firewall with Panorama, Create a CN-Series Deployment Profile in your CSP account, and use the auth code to push licenses from Panorama to your CN-Series firewall.
CN-Series Firewall CDL Logging
CDL provides cloud-based, centralized log storage and aggregation for cloud-delivered services and applications.
You must ensure that you have a logging license and a CDL instance created in your CSP account. For more information, see Cortex Data Lake License.
Complete the following steps to configure CDL settings on Panorama and push them to the firewall:
  1. Onboard your Panorama to the CDL to enable CDL configuration settings on the device.
  2. Onboard your CN-Series firewall to the CDL instance.
  3. In Panorama, go to the Device tab and click Settings in the Cortex Data Lake pane.
    You can now see that the Region is populated.
  4. Click Enable Cortex Data Lake.
  5. Click OK.
  6. Go to Commit > Push to Devices.
  7. Select your CN-MGMT pod.
  8. Click OK.
    The CDL configuration is now pushed to the CN-MGMT pod, and the CN-MGMT pod initiates its connection to the CDL instance.
Once your onboarded firewall is in a connected state, you can start sending logs to your CDL instance. For more information, see Start Sending Logs to Cortex Data Lake (Panorama-Managed).
