Focus
Focus
Table of Contents

Activate
IoT Security

Learn about
IoT Security
activation.
Where Can I Use This?
What Do I Need?
  • From email activation link
  • Commercial deployments
  • Customer Support Portal account
Welcome to
IoT Security
activation. The
IoT Security
solution works with next-generation firewalls to dynamically discover and maintain a real-time inventory of the IoT devices on your network. If you are trying to activate
IoT Security
with the add-on Enterprise License Agreement (ELA), see activate an add-on enterprise license agreement instead.
Because IoT Security requires network traffic data for analysis, you must enable firewalls to forward logs with that data to a cloud logging service that IoT Security can access. There are two types of IoT Security subscriptions:
  • IoT Security Subscription - Doesn't Require Data Lake Subscription
    : (Available for all IoT Security products) This subscription sends data logs to a cloud logging service that streams them directly to IoT Security without storing them in a data lake.
  • IoT Security Subscription
    : (Available on Enterprise IoT Security Plus, Industrial OT Security, and Medical IoT Security) This subscription requires a
    Strata Logging Service
    instance, which stores the data logs from firewalls. Firewalls forward logs to the logging service, which streams them directly to a
    Strata Logging Service
    instance and to IoT Security. You can use an existing, already activated
    Strata Logging Service
    instance or buy a new one to use.
In addition to the IoT Security subscription and possibly a
Strata Logging Service
subscription, you might have also purchased an
IoT Security Third-party Integrations Add-on
. This allows IoT Security to exchange information about devices, security alerts, and device vulnerabilities with third-party products that provide services such as asset management, network access control (NAC), network management, vulnerability scanning, and security information and event management (SIEM). IoT Security can also enhance the information it has by retrieving data about devices and vulnerabilities from third-party products. IoT Security supports third-party integrations through Cortex XSOAR.
Select
Activate Subscription
in your email, then use one of the following options:

First time
IoT Security
Activation - One Customer Support Portal Account

Learn how to activate your
IoT Security
application for the first time if you have only one Customer Support Portal account.
If you have only one Customer Support Portal account, follow these steps for first time
IoT Security
activation.
  1. Because you have only one Customer Support Portal account associated with your username, the
    Customer Support Account
    is prepopulated.
  2. Allocate the product to the
    Recipient
    of your choice.
    1. The name provided matches your Customer Support Portal account for convenience. You can use the name provided or change it.
  3. Choose the data ingestion
    Region
    , which is the region where the cloud logging service is receiving data from firewalls.
  4. Strata Logging Service
    • If you are using
      IoT Security
      that doesn't require
      Strata Logging Service
      (available for all
      IoT Security
      products and the
      third party integration add-on
      ), this sends data logs to a cloud logging service that streams them directly to IoT Security without storing them in a data lake. Skip to the App Subdomain step.
    • If you are using
      IoT Security
      that does require
      Strata Logging Service
      (available for Enterprise IoT Security Plus, Industrial OT Security, and Medical IoT Security), add
      Strata Logging Service
      .
      1. Select a
        Strata Logging Service
        instance.
      2. Enter the amount of data log storage.
      3. The region is grayed out, but is autopopulated with the same region that you used for
        Strata Logging Service
        .
  5. Enter an
    App Subdomain
    .
    Use a unique subdomain to complete the
    <subdomain>.iot.paloaltonetworks.com
    URL for your
    IoT Security
    application. This will be the URL where you log in to the IoT Security portal.
  6. Agree to the terms and conditions
    , and
    Activate
    .
    A single default tenant is autocreated behind the scenes, and the product is activated in the tenant.
    This tenant, and any others created by this Customer Support Portal account, will have the
    Superuser
    role.
  7. Go to the
    Common Services
    Device Associations
    tab to add firewalls to the tenant, associate them with the IoT Security application, and then apply the IoT Security subscription to them: Device Associations.
  8. Get started with
    IoT Security
  9. (
    Optional
    ) Manage your product from
    Strata Cloud Manager
    .

First time
IoT Security
Activation - Multiple Customer Support Portal Account

Learn how to activate your
IoT Security
application for the first time if you have multiple Customer Support Portal accounts.
If you have multiple Customer Support Portal accounts, follow these steps for first time
IoT Security
activation.
  1. If you have multiple Customer Support Portal accounts, choose the
    Customer Support Account
    number that you want to use.
  2. Allocate the product to the
    Recipient
    of your choice.
    You can allocate your entire license to one recipient or you can share it with multiple recipients in a tenant hierarchy. What is a tenant?
    1. If you need just one tenant, use or rename the tenant provided. The name provided matches your Customer Support Portal account for convenience.
    2. (
      Optional
      ) This step applies if you are a managed security service provider (MSSP), a distributed enterprise customer, or need multiple tenants. After you create the first tenant, you can
      Allocate to subtenant
      and use or rename the tenant provided.
      A subscription gets allocated on a tenant or a sub-tenant. This step is for choosing a tenant where you want to allocate a license, not for building a complete tenant hierarchy. You can create only a tenant and subtenant here, and you can choose to allocate a license to that subtenant.
      After activation, you can build out your tenant hierarchy as needed through tenant management. You can create your tenant hierarchy to reflect your existing organizational structure. You can also consider identity and access inheritance when creating the hierarchy, in addition to tenant hierarchy limits.
      After you create a tenant hierarchy, you can share a license.
    3. Select
      Done
      .
  3. Choose the data ingestion
    Region
    , which is the region where the cloud logging service is receiving data from firewalls.
  4. Strata Logging Service
    • If you are using
      IoT Security
      that doesn't require
      Strata Logging Service
      (available for all
      IoT Security
      products and the
      third party integration add-on
      ), this sends data logs to a cloud logging service that streams them directly to IoT Security without storing them in a data lake. Skip to the App Subdomain step.
    • If you are using
      IoT Security
      that does require
      Strata Logging Service
      (available for Enterprise IoT Security Plus, Industrial OT Security, and Medical IoT Security), add
      Strata Logging Service
      .
      1. Select a
        Strata Logging Service
        instance.
      2. Enter the amount of data log storage.
      3. The region is grayed out, but is autopopulated with the same region that you used for
        Strata Logging Service
        .
  5. Enter an
    App Subdomain
    .
    Use a unique subdomain to complete the
    <subdomain>.iot.paloaltonetworks.com
    URL for your
    IoT Security
    application. This will be the URL where you log in to the IoT Security portal.
  6. Agree to the terms and conditions
    , and
    Activate
    .
    A single default tenant is autocreated behind the scenes, and the product is activated in the tenant.
    This tenant, and any others created by this Customer Support Portal account, will have the
    Superuser
    role.
  7. Go to the
    Common Services
    Device Associations
    tab to add firewalls to the tenant, associate them with the IoT Security application, and then apply the IoT Security subscription to them: Device Associations.
  8. Get started with
    IoT Security
  9. (
    Optional
    ) Manage your product from
    Strata Cloud Manager
    .

Return Visit
IoT Security
Activation

Learn how to activate your
IoT Security
for repeat visits.
Follow these steps if you have already completed first time activation, you have already created your tenant hierarchy through
Identity & Access
Tenants
or tenant management, and you are returning to activate another product in your existing hierarchy.
  1. Choose the
    Customer Support Account
    number that you want to use to activate.
  2. Allocate the subscription to the
    Recipient
    tenant of your choice.
    You can hover over each tenant to see which apps you already activated.
  3. Choose the data ingestion
    Region
    , which is the region where the cloud logging service is receiving data from firewalls.
  4. Strata Logging Service
    • If you are using
      IoT Security
      that doesn't require
      Strata Logging Service
      (available for all
      IoT Security
      products and the
      third party integration add-on
      ), this sends data logs to a cloud logging service that streams them directly to IoT Security without storing them in a data lake. Skip to the App Subdomain step.
    • If you are using
      IoT Security
      that does require
      Strata Logging Service
      (available for Enterprise IoT Security Plus, Industrial OT Security, and Medical IoT Security), add
      Strata Logging Service
      .
      1. Select a
        Strata Logging Service
        instance.
      2. Enter the amount of data log storage.
      3. The region is grayed out, but is autopopulated with the same region that you used for
        Strata Logging Service
        .
  5. Enter an
    App Subdomain
    .
    Use a unique subdomain to complete the
    <subdomain>.iot.paloaltonetworks.com
    URL for your
    IoT Security
    application. This will be the URL where you log in to the IoT Security portal.
  6. Agree to the terms and conditions
    , and
    Activate
    .
    A single default tenant is autocreated behind the scenes, and the product is activated in the tenant.
    This tenant, and any others created by this Customer Support Portal account, will have the
    Superuser
    role.
  7. Go to the
    Common Services
    Device Associations
    tab to add firewalls to the tenant, associate them with the IoT Security application, and then apply the IoT Security subscription to them: Device Associations.
  8. Get started with
    IoT Security
  9. (
    Optional
    ) Manage your product from
    Strata Cloud Manager
    .

Recommended For You