Focus

Common Services: License Activation, Subscription, & Tenant Management

Activate a License for Prisma Access (Managed by Panorama) China Through Common Services

Table of Contents

Activate a License for `Prisma Access (Managed by Panorama)` China Through
Common Services

Learn how to activate your single tenant Prisma Access (Managed by Panorama) China license.

Where Can I Use This?	What Do I Need?
Panorama located in mainland China Commercial deployments	`Prisma Access` license with optional add-ons Activation link `Cortex Data Lake` Role: Multitenant Superuser

This process applies to only single tenant Prisma Access (Managed by Panorama) China license activation. The Panorama you use to manage Prisma Access China must be installed and located in mainland China. If it is a hardware appliance, it must be based in mainland China; if it is a VM-series Panorama, the processing location must be in mainland China. These license activation instructions assume that you already have deployed your VM-Series or hardware Panorama with the China-specific Panorama image.

Make sure that you have reviewed the requirements and prerequisites for configuring a Prisma Access China deployment. Be aware that the CLI commands must be completed prior to generating your one-time password (OTP).

After you receive an email from Palo Alto Networks identifying the license you are activating, including all your add-ons and capacities, select

Get Started with Prisma Access

in your email to begin the activation process.

If you have a Palo Alto Networks Customer Support account, then enter the email address you used when you registered for that account and select

If you do not have a Palo Alto Networks Customer Support account, then

Create a New Account

Password

The service uses this email address for the user account assigned to the tenant that you use for this license. This tenant, and any others created by this email address, will have the

Multitenant Superuser

role.

Choose the

Customer Support Account

number that you want to use to claim the license.

Choose

Panorama

management for your setup and management method.

Select

Create New

from the Panorama drop-down and copy the Panorama serial number for use in step 16.

Add-ons

are enabled by default based on your contract.

Level 1 support includes the following add-ons:

Additional SC for Private App Access

Site-to-Site and User-to-Site Access

Level 2 support includes the following add-ons:

Additional SC for Private App Access

Site-to-Site and User-to-Site Access

CASB Bundle for PA China

DLP (individual)

Internet of Things (IoT) security for PA China

SaaS Inline (individual)

Select

Cloud Identity Engine

regardless if you intend to use it now or if you might use it in the future.

Agree to the Terms and Conditions

Activate Now

. The products and add-ons that you are activating (such as Prisma Access China or Cortex Data Lake) are now provisioned. As the subscriptions are activating, the progress status will display. You now have a tenant provisioned with instances of the products that you purchased. The tenant has one user — the Customer Support account that you used when you began this process.

After the provisioning is complete, you receive an email confirmation.

In the Serial Number field of the Panorama web interface, enter the serial number that you copied from the license activation page, and then select

Panorama will become unresponsive after you select OK. If it does not return after a few minutes, refresh your browser.

Change the Panorama update server location to the update server in China.

In Panorama, go to

Panorama

Setup

Services

and click the gear to edit the

Settings

Change the update server to

updates.paloaltonetworks.cn

Update the DNS servers and NTP servers to the servers of your choice.

Perform a local commit to Panorama from

Commit

Commit to Panorama

Upgrade the Cloud Services plugin to the minimum required version.

From the Panorama that manages Prisma Access, select

Panorama

Plugins

and click

Check Now

to display the latest Cloud Services plugin updates.

Download

the plugin version you want to install.

After downloading the plugin,

Install

it.

Open a CLI session with the Panorama appliance and enter the following commands to make sure that the Panorama appliance points to the Customer Support Portal that contains Prisma Access China and Panorama Assets to retrieve its one-time password (OTP):

debug plugins cloud_services set-csp-endpoint api.sb.prismaaccess.com

debug plugins cloud_services set-csp-trusted-endpoint api-trusted.sb.prismaaccess.com

request certificate secure-bridge enable

If you do not enter these commands, the Panorama appliance will not be able to retrieve the OTP or certificate.

Generate your one-time password (OTP) from

Common Services

Tenant Management

Tenant name

Generate OTP

for setting up Panorama.

After you validate your OTP, the Cloud Services page will become available. However, it might take up to 2 hours for the China region of Cortex Data Lake to show up under Settings; until it does, you can't save your configuration.

Complete the product setup:

Prisma Access (Managed by Panorama) Administrators Guide

Cortex Data Lake Getting Started Guide

Prisma Access Insights Administrators Guide

Next Generation CASB-X

Enterprise DLP

SaaS Security Inline