Activate a License for Panorama-Managed Prisma Access China Through

Common Services

After you receive an email from Palo Alto Networks identifying the license you are activating, including all your add-ons and capacities, select
Get Started with Prisma SASE
in your email to begin the activation process.
Log in with your email address.
If you have a Palo Alto Networks Customer Support account, then enter the email address you used when you registered for that account and select
Next
.
If you do not have a Palo Alto Networks Customer Support account, then
Create a New Account
Password
Next
.
The service uses this email address for the user account assigned to the tenant that you use for this license. This tenant, and any others created by this email address, will have the
Multitenant Superuser
role.
Choose the
Customer Support Account
number that you want to use to claim the license.

Choose
Panorama
management for your setup and management method.

Select
Create New
from the Panorama drop-down and copy the Panorama Serial Number for use in step 16.

Add-ons
are enabled by default based on your contract.
Level 1 support includes the following add-ons:
Additional SC for Private App Access
Site-to-Site and User-to-Site Access
Level 2 support includes the following add-ons:
Additional SC for Private App Access
Site-to-Site and User-to-Site Access
CASB Bundle for PA China
DLP (individual)
IoT Security for PA China
SaaS Inline (individual)
Select
Cloud Identity Engine
regardless if you intend to use it now or if you might use it in the future.
Agree to the Terms and Conditions
.
Activate Now
. The products and add-ons that you are activating (such as Prisma Access China or Cortex Data Lake) are now provisioned. As the subscriptions are activating, the progress status will display. You now have a tenant provisioned with instances of the products that you purchased. The tenant has one user — the Customer Support account that you used when you began this process.
After the provisioning is complete, you receive an email confirmation.
In the Serial Number field of the Panorama UI, enter the serial number that you copied from the license activation page, and then select
OK
.
Panorama will become unresponsive after you select OK. If it does not return after a few minutes, refresh your browser.
Change the Panorama update server location to the update server in China.
In Panorama, go to

Panorama

Setup

Services

and click the gear to edit the

Settings

.

Change the update server to

updates.paloaltonetworks.cn

.

Update the DNS servers and NTP servers to the servers of your choice.


Perform a local commit to Panorama from
Commit
Commit to Panorama
.

Upgrade the Cloud Services plugin to the minimum required version.
From the Panorama that manages Prisma Access, select
Panorama
Plugins
and click
Check Now
to display the latest Cloud Services plugin updates.
Download
the plugin version you want to install.
After downloading the plugin,
Install
it.
Open a CLI session with the Panorama appliance and enter the following commands to make sure that the Panorama appliance points to the CSP that contains Prisma Access China and Panorama Assets to retrieve its one-time password (OTP):
debug plugins cloud_services set-csp-endpoint api.sb.prismaaccess.com
debug plugins cloud_services set-csp-trusted-endpoint api-trusted.sb.prismaaccess.com
request certificate secure-bridge enable
If you do not enter these commands, the Panorama appliance will not be able to retrieve the OTP or certificate.
Generate your one-time password (OTP) from
Common Services
Tenant Management
Tenant name
Generate OTP
for setting up Panorama.

After you validate your OTP, the Cloud Services page will become available. However, it might take up to two hours for the China region of CDL to show up under Settings; until it does, you can't save your configuration.
Complete the product setup:
Prisma Access Panorama-Managed Administrators Guide
Cortex Data Lake Getting Started Guide
Prisma Access Insights Administrators Guide
Next Generation CASB-X
Enterprise DLP
SaaS Security Inline