Authorize On-demand PCAP
Authorize PCAP on firewalls for use by the IoT Security Research Team.
The On-demand Packet Capture (PCAP) feature for next-generation firewalls
allows you to authorize the IoT Security Research Team to perform packet
captures and automatically upload the captured packet files to IoT Security for
offline analysis. The IoT Security Research Team takes packet captures only when
necessary, such as when an unknown device or an unknown application appears on your
network and the information required to assess the situation can be obtained no
other way. The scope of such packet captures is limited so that they don’t affect
normal firewall operations.
PCAP files are securely stored and only accessed by IoT Security Research
Team members. The files will be deleted either manually after an analysis is
complete or automatically after 30 days elapse.
For the IoT Security Research Team to use PCAP to collect network traffic
metadata from a firewall, you must first authorize the firewall to allow packet
capturing.
To support PCAP, firewalls must be running one of the following:
- PAN-OS 10.2.10 or later 10.2 releases
- PAN-OS 11.0.4 or later 11.0 releases
- PAN-OS 11.1.0 or later
- Log in to PAN-OS and install the openconfig plugin.
  - Select Device > Plugins and search for openconfig.
  - Download version 2.1.0 or later and then Install it.
- Log in to the IoT Security portal with a user account with administrator or owner privileges.
- Authorize PCAP on one or more firewalls.
  - Select Administration > Firewalls > On-demand PCAP and then click the Add ( + ) icon.
  - Choose the firewall either by its serial number or by the concatenation of its serial number and name.
  - Set the time period to authorize PCAP on the firewall, which can be for 1 month, 3 months, or an unlimited length of time.
    When an authorization period expires, PCAP is no longer authorized on the firewall. If you want, you can reauthorize PCAP on it. You can then see the new PCAP authorization period in the list of authorized firewalls.
  - Confirm the authorization.
  - To authorize PCAP on additional firewalls, repeat these steps.
- Unauthorize PCAP on one or more firewalls.
  When you want to deauthorize PCAP on firewalls:
  - Select one or more firewalls in the Authorized Firewalls list.
  - Unauthorize the selected firewalls.
    If you want to deauthorize PCAP on just one firewall, you can also click the Reauthorize icon for it in the Actions column.
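Before authorizing firewalls, it can help to confirm which ones meet the prerequisites above: a supported PAN-OS release and openconfig plugin 2.1.0 or later. The following Python check is an added example, not part of the original documentation or of any Palo Alto Networks tooling. The inventory records, field names, serial numbers, and firewall names are constructed, and "11.1.0 or later" is read as including later release trains.

```python
import re

# Minimum maintenance release per PAN-OS release train, from the list above.
MIN_MAINT = {(10, 2): 10, (11, 0): 4}
OPEN_ENDED_FROM = (11, 1, 0)   # assumption: "11.1.0 or later" covers later trains
MIN_PLUGIN = (2, 1, 0)         # openconfig plugin 2.1.0 or later

def parse_version(text):
    """Return (major, minor, maint) from strings such as '10.2.10-h3'."""
    m = re.match(r"^(\d+)\.(\d+)\.(\d+)", text.strip())
    if not m:
        raise ValueError(f"unrecognized version: {text!r}")
    return tuple(int(p) for p in m.groups())

def panos_supports_pcap(version):
    """Numeric comparison, so 10.2.10 correctly sorts after 10.2.9."""
    major, minor, maint = parse_version(version)
    if (major, minor, maint) >= OPEN_ENDED_FROM:
        return True
    floor = MIN_MAINT.get((major, minor))
    return floor is not None and maint >= floor

def check_firewall(fw):
    """Return the list of unmet prerequisites; an empty list means ready."""
    problems = []
    if not panos_supports_pcap(fw["panos"]):
        problems.append(f"PAN-OS {fw['panos']} is not a supported release")
    plugin = fw.get("openconfig")
    if plugin is None:
        problems.append("openconfig plugin not installed")
    elif parse_version(plugin) < MIN_PLUGIN:
        problems.append(f"openconfig plugin {plugin} is older than 2.1.0")
    return problems

def audit(inventory):
    return {fw["serial"]: check_firewall(fw) for fw in inventory}

# Constructed inventory; serial numbers and names are placeholders.
INVENTORY = [
    {"serial": "000000000001", "name": "fw-a", "panos": "10.2.9-h1", "openconfig": "2.1.0"},
    {"serial": "000000000002", "name": "fw-b", "panos": "10.2.10", "openconfig": "2.0.2"},
    {"serial": "000000000003", "name": "fw-c", "panos": "11.0.4-h2", "openconfig": None},
    {"serial": "000000000004", "name": "fw-d", "panos": "11.1.0", "openconfig": "2.1.0"},
]

if __name__ == "__main__":
    for serial, problems in audit(INVENTORY).items():
        print(serial, "ready" if not problems else "; ".join(problems))
```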