Activate a License for Prisma Access (Managed by Panorama) China Through Common Services
Table of Contents
Expand all | Collapse all
- Get Started with License Activation, Subscription, & Tenant Management
-
-
- First Time License Activation - One CSP Account
- First Time License Activation - Multiple CSP Accounts
- Return Visit License Activation
- Allocate Licenses for Cloud-managed Prisma Access
- Plan Service Connections for Cloud-managed Prisma Access and Add-ons
- Add Additional Locations for Cloud-managed Prisma Access and Add-ons
- Enable Available Add-ons for Cloud-managed Prisma Access
- Search for Subscription Details
- Share a License for Cloud-managed Prisma Access and Add-ons
- Increase Subscription Allocation Quantity
-
- Remote Browser Isolation Activation
- Product Management
Activate a License for Prisma Access (Managed by Panorama) China Through Common Services
Learn how to activate your single tenant Prisma Access (Managed by Panorama) China
license.
Where Can I Use This? | What Do I Need? |
---|---|
|
|
This process applies to only single tenant Prisma Access (Managed by Panorama) China license activation. The
Panorama you use to manage Prisma Access China must be installed and
located in mainland China. If it is a hardware appliance, it
must be based in mainland China; if it is a VM-series Panorama, the processing location must be in
mainland China. These license activation instructions assume that you already have
deployed your VM-Series or hardware
Panorama with the China-specific Panorama image.
Make sure that you have reviewed the requirements and prerequisites for configuring a
Prisma Access China deployment. Be aware that the CLI commands must be
completed prior to generating your one-time password (OTP).
- After you receive an email from Palo Alto Networks identifying the license you are activating, including all your add-ons and capacities, select Get Started with Prisma Access in your email to begin the activation process.
- Log in with your email address.
- If you have a Palo Alto Networks Customer Support account, then enter the email address you used when you registered for that account and select Next.
- If you do not have a Palo Alto Networks Customer Support account, then Create a New AccountPasswordNext.
The service uses this email address for the user account assigned to the tenant that you use for this license. This tenant, and any others created by this email address, will have the Multitenant Superuser role. - Choose the Customer Support Account number that you want
to use to claim the license.
- Choose Panorama management for your setup and management
method.
- Select Create New from the Panorama drop-down and copy
the Panorama serial number for use in step 16.
- Add-ons are enabled by default
based on your contract.
- Level 1 support includes the following add-ons:
- Additional SC for Private App Access
- Site-to-Site and User-to-Site Access
- Level 2 support includes the following add-ons:
- Additional SC for Private App Access
- Site-to-Site and User-to-Site Access
- CASB Bundle for PA China
- DLP (individual)
- Internet of Things (IoT) security for PA China
- SaaS Inline (individual)
- Select Cloud Identity Engine regardless if you intend to use it now or if you might use it in the future.
- Agree to the Terms and Conditions.
- Activate Now. The products and add-ons that you are activating (such as Prisma Access China or Strata Logging Service) are now provisioned. As the subscriptions are activating, the progress status will display. You now have a tenant provisioned with instances of the products that you purchased. The tenant has one user — the Customer Support account that you used when you began this process.
- After the provisioning is complete, you receive an email confirmation.
- In the Serial Number field of the Panorama web interface, enter the serial
number that you copied from the license activation page, and then select
OK.Panorama will become unresponsive after you select OK. If it does not return after a few minutes, refresh your browser.
- Change the Panorama update server location to the update
server in China.
- In Panorama, go to PanoramaSetupServices and click the gear to edit the Settings.
- Change the update server to updates.paloaltonetworks.cn.
- Update the DNS servers and NTP servers to the servers of your choice.
- Perform a local commit to Panorama from CommitCommit to Panorama.
- Upgrade the Cloud Services plugin to the minimum required version.
- From the Panorama that manages Prisma Access, select PanoramaPlugins and click Check Now to display the latest Cloud Services plugin updates.
- Download the plugin version you want to install.
- After downloading the plugin, Install it.
- Open a CLI session with the Panorama appliance and enter the following commands
to make sure that the Panorama appliance points to the Customer Support Portal
that contains Prisma Access China and Panorama Assets to retrieve its one-time
password (OTP):debug plugins cloud_services set-csp-endpoint api.sb.prismaaccess.comdebug plugins cloud_services set-csp-trusted-endpoint api-trusted.sb.prismaaccess.comrequest certificate secure-bridge enableIf you do not enter these commands, the Panorama appliance will not be able to retrieve the OTP or certificate.
- Generate your one-time password (OTP) from Common ServicesTenant ManagementTenant nameGenerate OTP for setting up Panorama.
- After you validate your OTP, the Cloud Services page will become available. However, it might take up to 2 hours for the China region of Strata Logging Service to show up under Settings; until it does, you can't save your configuration.
- Complete the product setup:
- Prisma Access (Managed by Panorama) Administrators Guide
- Strata Logging Service Getting Started Guide
- Prisma Access Insights Administrators Guide
- Next Generation CASB-X
- Enterprise DLP
- SaaS Security Inline