Device Certificate for a Palo Alto Networks Cloud Service

Review which Palo Alto Networks Cloud Service requires a device certificate.
A Palo Alto Networks Cloud Service is a cloud-hosted service maintained and operated by Palo Alto Networks. For Panorama-managed firewalls, the Cloud Service functionality is typically facilitated by a plugin installed on the Panorama management server that requires an outbound internet connection to function.
For individual firewalls, the device certificate must be installed on the firewall leveraging the Cloud Service. For Panorama managed firewalls, you must install the device certificate on Panorama as well as on the managed firewall leveraging the Cloud Service.
Only the Palo Alto Networks Cloud Services listed below require you install a device certificate to function. Panorama management of firewalls and downloading content and software updates from the Palo Alto Networks Update Server do not require a device certificate. Please follow the plugin or Cloud Service install and setup procedures to know when a device certificate must be installed.
For the Device Telemetry Cloud Service, the device certificate must be installed on devices that have enabled device telemetry.
If you install the Cloud Services (Prisma Access) plugin on Panorama, you are not required to install the Panorama device certificate to leverage any additional Palo Alto Networks Cloud Services. The Cloud Services (Prisma Access) plugin has its own certification mechanism to authenticate Panorama and allows you to leverage other Palo Alto Networks Cloud Services without need for the Panorama device certificate.
Review the table below to learn more about which Palo Alto Networks Cloud Service requires a device certificate.
Cloud Service
Firewall
(Individual and Panorama-Managed)
Panorama
AIOps
Yes
Yes
Cloud Services (Prisma Access)
N/A
No
Cortex Data Lake
(
PAN-OS 10.1 and later
) Yes
(
PAN-OS 10.1 and later
) Yes
Device Telemetry
Yes
Yes
Enterprise DLP
Yes
Yes
Inline Categorization
Requires Advanced URL Filtering or PAN-DB URL Filtering license
Yes
No
Inline Cloud Analysis
Requires Advanced Threat Protection license
Yes
No
IoT Security
Yes
Yes
ZTP
No
Yes

Recommended For You