Strata Cloud Manager
How to Activate AIOps for NGFW
Table of Contents
How to Activate AIOps for NGFW
Learn about how to activate AIOps for NGFW.
| Where Can I Use This? | What Do I Need? |
|---|---|
|
One of these:
|
Here are the different scenarios for activating AIOps for NGFW:
|
Scenario
|
Plan
|
|---|---|
|
Activating AIOps for NGFW Free
| Activate AIOps for NGFW (Free) |
|
Activating AIOps for NGFW Premium (use Strata Cloud
Manager app)
| Activate AIOps for NGFW Through Common Services |
|
Onboarding new devices to the activated AIOps for NGFW
Free instance
| |
|
Onboarding new devices to the activated AIOps for NGFW
Premium (use Strata Cloud Manager app)
| |
|
Activating ELA AIOps for NGFW Premium
| Activate Enterprise License Agreement (ELA) AIOps for NGFW Premium |
|
Using Strata Cloud Manager (AIOps for NGFW Premium) to manage
VM-Series
| Activate a Software NGFW Credits License Agreement |
|
Using Strata Cloud Manager (AIOps for NGFW Premium) for Panorama
Managed VM-Series
| Activate a Software NGFW Credits License for Panorama Managed VM-Series |
|
Converting AIOps for NGFW Premium trial license to production
| Convert Trial License to Production |
|
Activate Strata Cloud Manager Essentials and Strata Cloud Manager
Pro
Strata Cloud Manager Essentials and Strata
Cloud Manager Pro are available to activate in customer support
portal (CSP) accounts that don't have: Strata Logging Service with
sized storage, AIOps for NGFW Free or Premium, or Prisma Access.
|
Strata Cloud Manager provides unified management and
operations only for NGFWs using the AIOps for NGFW Premium license. Continue to use the
AIOps for NGFW Free app for the NGFWs onboarded to AIOps for NGFW Free.
Strata Cloud Manager is available, featuring two licensing tiers: Strata Cloud Manager Essentials
and Strata Cloud Manager Pro. This unified structure streamlines the
deployment of network security offerings, including AIOps for NGFW, Autonomous Digital
Experience Management (ADEM), cloud management functionality, and Strata Logging
Service. If you were using Strata Cloud Manager before the introduction of these new
licensing tiers, your existing license for AIOps for NGFW Premium and AIOps for NGFW
Free remain supported. You can continue to amend, extend, or renew these licenses.
FedRAMP accounts can't use AIOps for NGFW. To check if this applies to
you, sign in to your Customer Support Portal account and
select . If you see a FedRamp Account listed, then you
cannot use AIOps for NGFW.
Activate AIOps for NGFW (Free)
Activation requires the Account Administrator or App Administrator role.
- Log in to the hub with the tenant-centric view.Toggle View by Support Account off if you're in the Support Account view.If you don't have an existing tenant, login to the hub with the support account view.
- Find AIOps for NGFW Free and select Activate.
- Complete the form.
![]()
Tenant Select the tenant where you will activate the AIOps for NGFW Free instance. If you don’t have an existing tenant, select Create New. Customer Support Account Your Customer Support Portal account ID. Region The deployment region and the region where your data logs are stored. See Regions for AIOps for NGFW. Strata Logging Service The Strata Logging Service from which you want to send data to AIOps for NGFW Free. If you have a logging SLS, you can associate it with AIOps for NGFW Free. Otherwise, you can skip it. - Agree to the Terms and Conditions and Activate.
- AIOps for NGFW Free is ready after Status shows Complete.
![]()
- Associate devices to a tenant containing your AIOps for NGFW Free instance.
- Log in to the hub.
- Select .
![]()
- Select Add Device.
- Select one or more firewalls or Panorama appliances and Save.
You need to associate Panorama to the tenant containing AIOps for NGFW Free if you're onboarding Panorama-managed deployments. Make sure to individually associate all the firewalls managed by Panorama to the tenant.The devices that you associated with the tenant will be automatically added to AIOps for NGFW Free. For more information, see Associate devices to a tenant.- For AIOps for NGFW Free activation, associating apps with devices isn't required.
- You can associate devices to a tenant at the beginning of activation if you already have an existing tenant.
- You can remove device associations if, for example, you are retiring or returning a firewall or Panorama appliance, or if you want to associate it with another tenant service group (TSG).
- Enable telemetry on devices.
- Confirm the device is registered in the Customer Support Portal by logging in to support.paloaltonetworks.com, switch to your account (if necessary), and identify your device in .
- Install a device certificate on the devices you want to onboard.
- Enable telemetry sharing on the devices.
After you onboard the devices and enable telemetry, it takes around a couple of hours for the first set of insights to be visible on the AIOps for NGFW dashboard. The process of generating and sending telemetry on the device's side is done in batches, with each metric being sampled and collected at a frequency optimized for the use cases the metric is used for. This batch process can result in a delay between onboarding the firewall and the availability of insights. It might take several hours for all insights associated with a newly onboarded device to appear on the AIOps for NGFW dashboard. - Log in to AIOps for NGFW Free by clicking on its icon in the hub.
