CN-Series
Strata Logging Service with CN-Series Firewall
Table of Contents
Strata Logging Service with CN-Series Firewall
Strata Logging Service Logging with CN-Series firewall.
| Where Can I Use This? | What Do I Need? |
|---|---|
|
|
Strata Logging Service enables AI-based innovations for cybersecurity
with the industry’s only approach to normalizing and stitching together your
enterprise’s data. For more information, see Introduction to Strata Logging Service and
Strata Logging Service for Panorama-Managed
Firewalls. Strata Logging Service can now collect log data from CN-Series next-generation firewall. When you purchase a Strata Logging
Service license, all firewalls registered to your support account receive a Strata
Logging Service license. You will also receive a magic link that you will need to use to
activate your Strata Logging Service instance.
To get started with CN-Series firewall Strata Logging Service logging, you must
ensure that you Install the Kubernetes Plugin and Set up Panorama for
your CN-Series Firewall. Provide the device certificate to the CN-MGMT pod
for Strata Logging Service connectivity. It is important to register your CN-MGMT pod
with a CSP account to ensure that the CN-MGMT pod reflects in your Strata Logging
Service instance. Add the valid PIN-ID and PIN-value to the
pan-cn-mgmt-secret.yaml file to successfully install the device
certificate. The CN-Series firewall requires a device certificate that authorizes secure
access to Strata Logging Service. For more information, see Install a Device Certificate on the CN-Series
Firewall.
After you deploy your CN-Series firewall, verify that
your CN-MGMT pod is visible on your customer support portal account, under Registered
Devices. For more information see, Register the Firewall. Ensure that you Configure your CN-Series firewall with
Panorama and Create a CN-Series Deployment Profile on your
CSP account and use the auth code to push licenses from Panorama to your CN-Series
firewall.
Configure Strata Logging Service for CN-Series firewall
Strata Logging Service provides cloud-based, centralized log storage
and aggregation for cloud-delivered services and applications.
Ensure that you have a logging license and a Strata
Logging Service instance created in your CSP account. For more information, see
Strata Logging Service.
Complete the following steps to configure Strata Logging Service
settings on Panorama and push them to the firewall:
- Onboard your Panorama to the Strata Logging Service to enable settings of Strata Logging Service configurations on the device.
- Onboard your CN-Series firewall to the Strata Logging Service instance.
- In your panorama, click Device tab,
- Go to Cloud Logging pane, and then click Settings icon.You can now see that the Region is populated.
- Click Enable Cloud Logging.
![]()
- Click OK.
- Go to Commit > Push to Devices.
- Select your CN-MGMT pod.
- Click OK.Strata Logging Service configuration for CN-MGMT pod is pushed now. The CN-MGMT pod will now initiate its connection to the Strata Logging Service instance.
Once your onboarded firewall is in a connected state, you can start
sending logs to your Strata Logging Service instance. For more information, see
Start Sending Logs to Strata Logging Service
(Panorama-Managed).