Strata Logging Service with CN-Series Firewall
Focus
Focus
CN-Series

Strata Logging Service with CN-Series Firewall

Table of Contents

Strata Logging Service with CN-Series Firewall

Strata Logging Service Logging with CN-Series firewall.
Where Can I Use This?What Do I Need?
  • Strata Logging Service with CN-Series firewall
  • Panorama running with minimum PAN-OS 11.1 version
  • Strata Logging Service License
Strata Logging Service enables AI-based innovations for cybersecurity with the industry’s only approach to normalizing and stitching together your enterprise’s data. For more information, see Introduction to Strata Logging Service and Strata Logging Service for Panorama-Managed Firewalls. Strata Logging Service can now collect log data from CN-Series next-generation firewall. When you purchase a Strata Logging Service license, all firewalls registered to your support account receive a Strata Logging Service license. You will also receive a magic link that you will need to use to activate your Strata Logging Service instance.
To get started with CN-Series firewall Strata Logging Service logging, you must ensure that you Install the Kubernetes Plugin and Set up Panorama for your CN-Series Firewall. Provide the device certificate to the CN-MGMT pod for Strata Logging Service connectivity. It is important to register your CN-MGMT pod with a CSP account to ensure that the CN-MGMT pod reflects in your Strata Logging Service instance. Add the valid PIN-ID and PIN-value to the pan-cn-mgmt-secret.yaml file to successfully install the device certificate. The CN-Series firewall requires a device certificate that authorizes secure access to Strata Logging Service. For more information, see Install a Device Certificate on the CN-Series Firewall.
After you deploy your CN-Series firewall, verify that your CN-MGMT pod is visible on your customer support portal account, under Registered Devices. For more information see, Register the Firewall. Ensure that you Configure your CN-Series firewall with Panorama and Create a CN-Series Deployment Profile on your CSP account and use the auth code to push licenses from Panorama to your CN-Series firewall.

Configure Strata Logging Service for CN-Series firewall

Strata Logging Service provides cloud-based, centralized log storage and aggregation for cloud-delivered services and applications.
Ensure that you have a logging license and a Strata Logging Service instance created in your CSP account. For more information, see Strata Logging Service.
Complete the following steps to configure Strata Logging Service settings on Panorama and push them to the firewall:
  1. Onboard your Panorama to the Strata Logging Service to enable settings of Strata Logging Service configurations on the device.
  2. Onboard your CN-Series firewall to the Strata Logging Service instance.
  3. In your panorama, click Device tab,
  4. Go to Cloud Logging pane, and then click Settings icon.
    You can now see that the Region is populated.
  5. Click Enable Cloud Logging.
  6. Click OK.
  7. Go to Commit > Push to Devices.
  8. Select your CN-MGMT pod.
  9. Click OK.
    Strata Logging Service configuration for CN-MGMT pod is pushed now. The CN-MGMT pod will now initiate its connection to the Strata Logging Service instance.
Once your onboarded firewall is in a connected state, you can start sending logs to your Strata Logging Service instance. For more information, see Start Sending Logs to Strata Logging Service (Panorama-Managed).