Prisma Access
Configure Third-Party Device-ID in Prisma Access
Use Prisma Access and the Cloud Identity Engine to configure third-party Device-ID for third-party IoT devices.

Where Can I Use This? | What Do I Need? |
---|---|
If you'd like to use this feature in your Prisma Access environment, get in touch with your account team to learn more. | |

You can use the Cloud Identity Engine along with Prisma Access to apply information from third-party IoT detection sources to simplify the task of identifying and closing security gaps for devices in your network. After you set up Third-Party Device-ID in the Cloud Identity Engine using an API, you can set up a device object and a security policy rule in Prisma Access to obtain and use information from third-party IoT visibility solutions through the Cloud Identity Engine for device visibility and control.

In the following figure, the Third-Party Device-ID service receives the device information from the third-party IoT solutions, which it then transmits as IP address-to-device mappings to the Cloud Identity Engine and the Prisma Access Security Processing Nodes (SPNs).

Cloud Management
Allow third-party IoT device vendors to retrieve their device IDs using the Cloud Identity Engine and Prisma Access.

To configure third-party Device-ID, complete the following task.
- Activate Third-Party Device-ID in the Cloud Identity Engine. This procedure includes uploading a signed certificate and using that with an API to communicate with, and download Device-ID information from, the third-party IoT vendor.
- Activate Third-Party Device-ID in Prisma Access by going to Settings > Prisma Access Setup > Shared or Workflows > Prisma Access Setup > Prisma Access and set Enable Device Identification to Enabled.
- Configure a device object and enter device attributes.
  - Go to Manage > Objects > Remote Networks > Devices and Add a device object that matches all the Device ID attributes. Be sure that you are in the Remote Networks device group. If you're using Strata Cloud Manager, go to Manage > Configuration > NGFW and Prisma Access, set the configuration scope to Remote Networks, and select Objects > Devices and Add Devices.
  - Add a device object that matches attributes for the third-party objects. The Cloud Identity Engine Mappings area displays the attributes of the third-party devices; you can use any attributes retrieved from there.
- Go to Manage > Security Services > Remote Networks > Security Policy and Add a security policy, adding the device objects you created in the Devices area. If you're using Strata Cloud Manager, go to Manage > Configuration > NGFW and Prisma Access, set the configuration scope to Remote Networks, and select Security Services > Security Policy and Add a security policy, adding the device objects you created in the Devices area.
- Push Config to save your changes to the Prisma Access configuration, making sure to select Remote Networks in the push scope.
- Verify that Prisma Access is receiving the Device-ID logs by going to Activity > Logs > Log Viewer, selecting Firewall/Traffic, and searching for traffic under the rule you created by entering rule_matched = rulename, where rulename is the security policy rule you created for the third-party IoT devices. The Device-ID to IP address mappings display in the logs. If you're using Strata Cloud Manager, go to Incidents & Alerts > Log Viewer, select Firewall/Traffic, and search for traffic under the rule you created by entering rule_matched = rulename, where rulename is the security policy rule you created for the third-party IoT devices.

Panorama

Allow third-party IoT device vendors to retrieve their device IDs using the Cloud Identity Engine and Prisma Access.

To configure third-party Device-ID, complete the following task.
- Activate Third-Party Device-ID in the Cloud Identity Engine. This procedure includes uploading a signed certificate and using that with an API to communicate with, and download Device-ID information from, the third-party IoT vendor.
- Activate Third-Party Device-ID in Prisma Access by going to Panorama > Cloud Services > Configuration > Remote Networks > Settings, clicking the gear to edit the Settings, and selecting Enable Device Identification.
- Configure a device object and enter device attributes.
  - Go to Objects > Devices and Add a device object that matches all the Device ID attributes. Be sure that you are in the Remote_Network_Device_Group or the Shared device group.
  - Add a device object that matches attributes for the third-party objects. The Cloud Identity Engine Mappings area displays the attributes of the third-party devices; you can use any attributes retrieved from there.
- Go to Policies > Security > Pre Rules and Add a security policy, adding the device objects you created in the Devices area as the Source Device. Be sure that you are in the Remote_Network_Device_Group or the Shared device group.
- Commit and push your changes, making sure that Remote Networks is selected in the Push Scope.
  - Click Commit > Commit and Push.
  - Edit Selections and, in the Prisma Access tab, make sure that Remote Networks is selected in the Push Scope, then click OK.
  - Click Commit and Push.
- Verify that Prisma Access is receiving the Device-ID logs by going to Monitor > Logs > Traffic and searching the logs for traffic under the rule you created by entering rule_matched = rulename, where rulename is the security policy rule you created for the third-party IoT devices. The Device-ID to IP address mappings display in the logs.
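
The verification step in both the Cloud Management and Panorama procedures can be turned into a coverage check. The following is an added example, not Palo Alto Networks code: it compares the device IP addresses shown in the Cloud Identity Engine Mappings area against a CSV export of traffic logs and reports which devices actually hit the rule. The CSV layout, the `source_ip` column name, the rule name `iot-third-party`, and all sample data are assumptions constructed for illustration.

```python
import csv
import io

# Constructed sample: a CSV export of traffic logs. rule_matched is the field
# the page searches on; the source_ip column name is an assumption.
SAMPLE_EXPORT = """\
rule_matched,source_ip
iot-third-party,10.20.1.15
iot-third-party,10.20.1.15
default-allow,10.20.1.22
iot-third-party,10.20.1.30
default-allow,10.20.1.30
default-allow,10.20.9.9
"""

# Constructed sample: IP addresses listed in the Cloud Identity Engine
# Mappings area for third-party devices (hypothetical device names).
EXPECTED_DEVICES = {
    "10.20.1.15": "infusion-pump-01",
    "10.20.1.22": "camera-lobby",
    "10.20.1.30": "badge-reader-2",
    "10.20.1.41": "hvac-controller",
}


def audit_rule_coverage(export_text, rule_name, expected):
    """Classify each expected device IP by the rules its sessions matched."""
    rules_by_ip = {ip: set() for ip in expected}
    for row in csv.DictReader(io.StringIO(export_text)):
        ip = row["source_ip"].strip()
        if ip in rules_by_ip:
            rules_by_ip[ip].add(row["rule_matched"].strip())
    report = {"matched": [], "mixed": [], "missed": [], "silent": []}
    for ip, rules in sorted(rules_by_ip.items()):
        if not rules:
            status = "silent"    # no traffic logged from this IP
        elif rules == {rule_name}:
            status = "matched"   # every session hit the IoT rule
        elif rule_name in rules:
            status = "mixed"     # some sessions hit another rule
        else:
            status = "missed"    # traffic logged, never under the IoT rule
        report[status].append(ip)
    return report


if __name__ == "__main__":
    for status, ips in audit_rule_coverage(SAMPLE_EXPORT, "iot-third-party", EXPECTED_DEVICES).items():
        print(f"{status:8}{ips}")
```

Addresses reported as `missed` are the ones to investigate first: the device is sending traffic, but the device object or the IP address-to-device mapping is not being applied to it.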