Unlink the Cloud NGFW from Panorama

1. Choose the region, for example, us-east-1, in the firewall or rulestacks page.
2. In the Cloud NGFW console, select Integrations.
3. On the Integrations page, locate the Actions section. A previously linked Panorama appears greyed out.
4. Click the Unlink icon to begin the unlinking process.

   If a HA pair is configured, both pairs are unlinked.
5. When you unlink a Panorama virtual appliance from your Cloud NGFW tenant, you may be prompted to delete one or more Cloud Device Groups that are associated with the Cloud NGFW resource or region from which you are unlinking. In such cases an error message appears listing the Cloud Device Groups that are associated with the Cloud NGFW resource that is linked to Panorama. Either Delete a Cloud Device Group or Disassociate a Cloud Device Group from a Resource before unlinking. If you do not have access to Panorama to remove these Cloud Device Groups, click Force Unlink.
6. Confirm the unlinking process. If you Panorama is associated with a Strata Logging Service account, that association is terminated and logs are pruned after the retention period.

   After confirming the unlinking request, the Integrations page changes to provide status for the Cloud NGFW resource.

   Palo Alto Networks recommends that you remove Monitoring Definitions configured on Panorama.

   The Force unlink option will not remove Monitoring Definitions automatically from Panorama.

   You can see the tenant monitoring definitions and delete them running the following commands only on CLI:

   request plugins dau plugin-name cloud_services unblock-device-push yes
   request plugins dau plugin-name cloudconnector unblock-device-push yes
   request plugins dau plugin-name vm_series unblock-device-push yes
   request plugins dau plugin-name aws unblock-device-push yes