Device Security
Licenses and Activation for Device Security
Table of Contents
Expand All
|
Collapse All
Device Security Docs
Licenses and Activation for Device Security
Extend, renew, and convert Device Security licenses.
Where Can I Use This? | What Do I Need? |
---|---|
|
One of the following subscriptions:
|
To use the Palo Alto Networks Device Security solution, you need to:
- Determine the best Device Security subscription license for your use case, based on the licenses outlined below.
- Meet all of the Device Security Prerequisites.
- Ensure that you have Firewall and PAN-OS Support of Device Security.
Types of Device Security Licenses
Depending on your needs or where you plan to deploy Device Security, you can choose
from several types of Device Security licensing subscriptions:
- Enterprise Device Security, Medical, or OT Subscription License - supported with next-generation firewalls, VM-Series, CN-Series, and Prisma® Access. These subscription licenses apply on a per-firewall basis, meaning you need one license per firewall that streams logs to Device Security.
- Device Security X Subscription License - supported with next-generation firewalls, VM-Series, and CN-Series, as well as VM-Series bootstrapped in virtual metadata collector mode (VMC). This subscription license provides individual licenses for each device learned by Device Security, regardless of how many firewalls or VM-Series VMCs stream logs to Device Security.
You can choose from different license types to fit your requirements.
- Enterprise, Medical, or OT Device Security Doesn't Require Data Lake (DRDL) - when you don't need to store streaming logs in a data lake
- Enterprise, Medical, or OT Device Security (with Data Lake) - when you have Strata Logging Service and want to store the streaming logs
To determine the best subscription and license type for your requirements, reach out
to your Palo Alto Networks sales representative. You can obtain a trial or
eval (evaluation) license to try out Device Security. The initial term of a trial or
eval (evaluation) license is 60 days and can be extended in 30-day increments. To
extend the trial or eval term, request a 30-day extension through your
Palo Alto Networks sales representative or sales engineer. Not all subscriptions offer
a trial or eval license.
Manage an Expiring License
You have several options when a license for an Device Security subscription or a
third-party integration add-on expires. If you no longer want a firewall to
subscribe to Device Security services or integrate with third-party systems,
you can let the license expire. If you do want to continue using these services or
integrations, you can renew paid licenses or convert licenses from one type to
another.
License Renewals
As a paid license approaches its expiration date, you can renew it so that
there is no break in service, the next license beginning immediately after the
current license ends. You can renew the following licenses:
- Device Security Subscription lab license
- Device Security Subscription prod (production) license
- Device Security X Subscription license
To renew any of these licenses, contact your Palo Alto Networks sales
representative.
License Conversions
A license conversion is the change of one license type to another. The license
can be for an Device Security subscription or a
third-party integration add-on.
You can't convert between a Device Security X per-device license and
a per-firewall Device Security license of any kind.
Palo Alto Networks supports the following conversions:
Device Security license conversions
- Trial > ProdYou can convert an Device Security license on a firewall from trial to prod, but not from eval to prod. An eval license is for an eval firewall, which is Palo Alto Networks property and loaned out for temporary use. However, if you create an Device Security tenant URL for eval licenses on eval firewalls and then replace them with prod licenses on prod firewalls, you can continue using the same Device Security tenant URL.
All conversions can be done after the current license expires at the end of its
term, but only conversions considered to be upgrades are allowed midterm.
Midterm conversions take place immediately, replacing the previous term with
the new term. The following conversions are considered to be upgrades:
Device Security license upgrades
- Trial version of any type of license > Prod version of any type of license
- Device Security Subscription > Device Security, DRDL Subscription
Converting Device Security licenses from trial to prod generates a new
purchase order with a link to a new onboarding workflow. During the
onboarding process, you can select the existing Device Security tenant
you were previously using for trial purposes. The rest of the onboarding
workflow follows the same mechanism for activating prod licenses on
firewalls as it did for activating trial licenses.
To convert any licenses, contact your Palo Alto Networks sales representative.