>
    Strata Logging Service with CN-Series Firewall
    Focus
    Download PDF
    Focus
    1. Home
    2. CN-Series
    3. Strata Logging Service with CN-Series Firewall
    Download PDF
    CN-Series

    Strata Logging Service with CN-Series Firewall

    Table of Contents

    Strata Logging Service with CN-Series Firewall

    Strata Logging Service Logging with CN-Series firewall.
    Where Can I Use This?
    What Do I Need?
    • Strata Logging Service with CN-Series firewall
    • Panorama
       running with minimum PAN-OS 11.1 version
    • Strata Logging Service License
    Strata Logging Service enables AI-based innovations for cybersecurity with the industry’s only approach to normalizing and stitching together your enterprise’s data. For more information, see Introduction to Strata Logging Service and Strata Logging Service for Panorama-Managed Firewalls. Strata Logging Service can now collect log data from CN-Series next-generation firewall. When you purchase a Strata Logging Service license, all firewalls registered to your support account receive a Strata Logging Service license. You will also receive a magic link that you will need to use to activate your Strata Logging Service instance.
    To get started with CN-Series firewall Strata Logging Service logging, you must ensure that you Install the Kubernetes Plugin and Set up Panorama for your CN-Series Firewall. Provide the device certificate to the CN-MGMT pod for Strata Logging Service connectivity. It is important to register your CN-MGMT pod with a CSP account to ensure that the CN-MGMT pod reflects in your Strata Logging Service instance. Add the valid PIN-ID and PIN-value to the
    pan-cn-mgmt-secret.yaml
     file to successfully install the device certificate. The CN-Series firewall requires a device certificate that authorizes secure access to Strata Logging Service. For more information, see Install a Device Certificate on the CN-Series Firewall.
    After you deploy your CN-Series firewall, verify that your CN-MGMT pod is visible on your customer support portal account, under
    Registered Devices
    . For more information see, Register the Firewall. Ensure that you Configure your CN-Series firewall with Panorama and Create a CN-Series Deployment Profile on your CSP account and use the auth code to push licenses from Panorama to your CN-Series firewall.

    Configure Strata Logging Service for CN-Series firewall

    Strata Logging Service provides cloud-based, centralized log storage and aggregation for cloud-delivered services and applications.
    Ensure that you have a logging license and a Strata Logging Service instance created in your CSP account. For more information, see Strata Logging Service.
    Complete the following steps to configure Strata Logging Service settings on Panorama and push them to the firewall:
    1. Onboard your Panorama to the Strata Logging Service to enable settings of Strata Logging Service configurations on the device.
    2. Onboard your CN-Series firewall to the Strata Logging Service instance.
    3. In your panorama, click
      Device
      tab,
    4. Go to
      Cloud Logging
       pane, and then click
      Settings
       icon.
      You can now see that the
      Region
      is populated.
    5. Click
      Enable Cloud Logging.
      .
    6. Click
      OK
      .
    7. Go to
      Commit
      >
      Push to Devices
      .
    8. Select your
      CN-MGMT
       pod.
    9. Click
      OK
      .
      Strata Logging Service configuration for CN-MGMT pod is pushed now. The CN-MGMT pod will now initiate its connection to the Strata Logging Service instance.
    Once your onboarded firewall is in a
    connected
    state, you can start sending logs to your Strata Logging Service instance. For more information, see Start Sending Logs to Strata Logging Service (Panorama-Managed).

    Recommended For You

    © 2024 Palo Alto Networks, Inc. All rights reserved.