: Activate Next-Generation CASB on Cross Platforms CASB-X
Focus
Focus

Activate Next-Generation CASB on Cross Platforms CASB-X

Table of Contents

Activate Next-Generation CASB on Cross Platforms
CASB-X

Learn about
CASB-X
activation.
Where Can I Use This?
What Do I Need?
  • From email activation link
  • Commercial deployments
  • Prisma Access
    • Prisma Access (Managed by Strata Cloud Manager)
      : 3.2 Innovation Release (Future: Prisma Access 4.0 Preferred Release)
    • Prisma Access (Managed by Panorama)
      : 10.2 or newer
  • Next-Generation Firewall (Hardware Only and not available on VMs)
    • PAN-OS or Panorama management
    • PAN-OS 10.2.3 or newer
  • Customer Support Portal account
  • Strata Logging Service
    is required for SaaS Security Inline.
    CASB-X
    can be activated without it.
  • SSL decryption must be enabled on NGFW and Access (this requires a separate professional services quickstart if not already enabled).
  • The App-ID Cloud Engine (ACE) is disabled by default on Panorama and enabled by default on firewalls when the SaaS Security Inline license is installed as part of CASB activation.
    As a best practice, the majority of policies are app based and since the app classification changes due to CASB activation, you would need to disable ACE on all firewalls including Prisma and CNGFW by making changes to appropriate templates.
    Usually you would not push changes during production hours and therefore CASB activation should only be carried out during maintenance period.
The
Next-Generation CASB for Prisma Access and NGFW (CASB-X)
license contains all the cloud access security broker components such as SaaS Security Inline, SaaS Security API, SaaS Security Posture Management (SSPM), and Enterprise DLP. It can be applied on Cloud Managed
Prisma Access
, Panorama Managed
Prisma Access
, and Panorama managed Next-Generation Firewall (NGFW) devices in a single tenant environment.
If you are trying to activate the
CASB-X
on
Prisma Access
add-on bundle, Activate a License for Cloud-managed
Prisma Access
and Add-ons instead.
CASB-X
is only supported in a single tenant environment, but the CASB add-on bundle is supported in single and multitenant environments.
If you have
Prisma Access
or NGFW in your tenant, you can apply
CASB-X
to the
Prisma Access
or NGFW devices in that same tenant.
You cannot activate
CASB-X
if you already have the CASB add-on bundle, or the add-ons associated with the bundle, activated on your tenant. You cannot activate
CASB-X
if you do not have
Strata Logging Service
activated on your tenant.
To convert a trial
SaaS Security
license to a production license, see convert trial license to production
Welcome to
CASB-X
activation. Select
Activate Subscription
in your email, then use one of the following options:

First time
CASB-X
Activation - One Customer Support Portal Account

Learn how to activate your
CASB-X
application for the first time if you have only one Customer Support Portal account.
If you have only one Customer Support Portal account, follow these steps for first time
CASB-X
activation.
  1. Because you have only one Customer Support Portal account associated with your username, the
    Customer Support Account
    is prepopulated.
  2. Allocate the product to the
    Recipient
    of your choice.
    1. The name provided matches your Customer Support Portal account for convenience. You can use the name provided or change it.
  3. Select a
    Region
    where you want to deploy your product.
  4. The web interface shows if you have
    Prisma Access
    and NGFW available in this tenant where you can apply
    CASB-X
    .
  5. Agree to the terms and conditions
    , and
    Activate
    .
    A single default tenant is autocreated behind the scenes, and the product is activated in the tenant.
    This tenant, and any others created by this Customer Support Portal account, will have the
    Superuser
    role.
  6. CASB-X
    activation is now complete for
    Prisma Access
    . To apply
    CASB-X
    on NGFW, you must go to the Device Association tab to select the devices and apply Next-Generation CASB on them:
  7. (
    Optional
    ) Manage your product from
    Strata Cloud Manager
    .

First time
CASB-X
Activation - Multiple Customer Support Portal Account

Learn how to activate your
CASB-X
application for the first time if you have multiple Customer Support Portal accounts.
If you have multiple Customer Support Portal accounts, follow these steps for first time
CASB-X
activation.
  1. If you have multiple Customer Support Portal accounts, choose the
    Customer Support Account
    number that you want to use.
  2. Allocate the product to the
    Recipient
    of your choice.
    You can allocate your entire license to one recipient or you can share it with multiple recipients in a tenant hierarchy. What is a tenant?
    1. If you need just one tenant, use or rename the tenant provided. The name provided matches your Customer Support Portal account for convenience.
    2. (
      Optional
      ) This step applies if you are a managed security service provider (MSSP), a distributed enterprise customer, or need multiple tenants. After you create the first tenant, you can
      Allocate to subtenant
      and use or rename the tenant provided.
      A subscription gets allocated on a tenant or a sub-tenant. This step is for choosing a tenant where you want to allocate a license, not for building a complete tenant hierarchy. You can create only a tenant and subtenant here, and you can choose to allocate a license to that subtenant.
      After activation, you can build out your tenant hierarchy as needed through tenant management. You can create your tenant hierarchy to reflect your existing organizational structure. You can also consider identity and access inheritance when creating the hierarchy, in addition to tenant hierarchy limits.
      After you create a tenant hierarchy, you can share a license.
    3. Select
      Done
      .
  3. Select a
    Region
    where you want to deploy your product.
  4. The web interface shows if you have
    Prisma Access
    and NGFW available in this tenant where you can apply
    CASB-X
    .
  5. Agree to the terms and conditions
    , and
    Activate
    .
    This tenant, and any others created by this Customer Support Portal account, will have the
    Superuser
    role.
  6. CASB-X
    activation is now complete for
    Prisma Access
    . To apply
    CASB-X
    on NGFW, you must go to the Device Association tab to select the devices and apply Next-Generation CASB on them:
  7. (
    Optional
    ) Manage your product from
    Strata Cloud Manager
    .

Return Visit CASB-X Activation

Learn how to activate your CASB-X for repeat visits.
Follow these steps if you have already completed first time activation, you have already created your tenant hierarchy through
Identity & Access
Tenants
or tenant management, and you are returning to activate another product in your existing hierarchy.
  1. Choose the
    Customer Support Account
    number that you want to use to activate.
  2. Allocate the subscription to the
    Recipient
    tenant of your choice.
    You can hover over each tenant to see which apps you already activated.
  3. Select a
    Region
    where you want to deploy your product.
  4. The web interface shows if you have
    Prisma Access
    and NGFW available in this tenant where you can apply CASB-X.
  5. Agree to the terms and conditions
    , and
    Activate
    .
  6. CASB-X activation is now complete for
    Prisma Access
    . To apply CASB-X on NGFW, you must go to the Device Association tab to select the devices and apply Next-Generation CASB on them:
  7. (
    Optional
    ) Manage your product from
    Strata Cloud Manager
    .

Recommended For You