Onboard

IoT Security

Click
Activate
in the
IoT Security
activation email from Palo Alto Networks.
Log in to the Palo Alto Networks hub.
Activate
IoT Security
.
Add devices (firewalls) to the tenant service group (TSG) and associate
IoT Security
, and possibly other applications as well, with the firewalls.
(
Optional
) Manage identity and access to
IoT Security
.
Set up
IoT Security
and firewalls to work together.
For instructions for these first six steps, see Common Services: Subscription & Tenant Management. Then return here to continue the setup.
Log in to the
IoT Security
portal.
Click the
IoT Security
link on either the Tenant Management or Device Associations page.
A welcome page appears displaying the status of the logging service and several links to useful learning resources.

To access the rest of the web interface, use the navigation menu on the left.
If you are a user with owner privileges and the portal doesn’t have a predetermined vertical theme,
IoT Security
will prompt you to select a theme when you attempt to navigate away from the welcome page: Enterprise
IoT Security
Plus, Industrial OT Security, or Medical
IoT Security
. If you don’t select a theme, you will use the Enterprise
IoT Security
Plus theme by default.
IoT Security
will continue to prompt you to select a theme every time you log in until you make a selection, or another user with owner privileges does.

If you are a user without owner privileges and an owner hasn’t yet selected a vertical theme, you will see the Enterprise
IoT Security
Plus theme by default. Otherwise, if the portal theme was already determined by the
IoT Security
product purchased or if an owner already set a theme, then that is the one you see.
There might not be any data in the portal when you first log in. Firewalls create network traffic data logs and forward them to the logging service, which streams them to the
IoT Security
Cloud. On average, devices begin showing up in the
IoT Security
portal within the first 30 minutes. Depending on the size of the network and the amount of activity of the devices on it, it can take several days for all the data to show up.
Click
Administration
Sites and Firewalls
Firewalls
in the
IoT Security
portal to see the status of logs that the logging service is streaming to the
IoT Security
app. For more information, see IoT Security Integration Status with Firewalls
After the
IoT Security
portal has had time to use its machine-learning algorithms to analyze the network behavior of your IoT devices (1-2 days), consider following the typical workflow of an
IoT Security
user:
Device visibility – Learn about the IoT devices on the network
Application visibility – Learn about the applications and protocols these devices use
Device vulnerabilities – Learn about IoT device vulnerabilities and take steps to mitigate them, first on the most critical devices and then on others
Security alerts – Respond to security alerts as they occur, prioritizing your response on the urgency of the alert and the importance of the targeted device or network segment
Security policy rule recommendations – Based on observed network behavior, the
IoT Security
app can generate recommended security policy rules that you can then sync with those on your next-generation firewall.
Depending on the PAN-OS versions running on your firewalls, you must generate an OTP or PSK and install certificates on firewalls so they will connect securely with the logging service and with
IoT Security
. There are also firewall configurations necessary to enable logging and log forwarding to
IoT Security
. For Enterprise
IoT Security
Plus, Industrial OT Security, and Medical
IoT Security
, you must also configure
IoT Security
and PAN-OS to apply Device-ID to enforce Security policy rules. To continue, see Prepare Your Firewall for IoT Security.