Strata Logging Service
Configure Panorama for Strata Logging Service
Table of Contents
Expand All
|
Collapse All
Configure Panorama for Strata Logging Service
Strata Logging Service
Activate
Strata Logging Service
for Panorama-managed firewalls.Where Can I Use This? | What Do I Need? |
---|---|
|
|
If you’re using Panorama™ to manage
Prisma Access
or on-premises firewalls, you have
some preliminary steps to accomplish before you can activate
.
These steps include downloading and installing the Cloud Services Plugin and generating
a one-time password (OTP) in the Strata Logging Service
Strata Logging Service
app.Because Panorama can provision the device certificate that firewalls require to
securely connect to
Strata Logging Service
, this gives you a way to onboard
multiple firewalls to Strata Logging Service
simultaneously.If you are onboarding a Panorama in high availability mode (HA), follow the steps for configuring an HA Panorama with Prisma
Access. Instead of the step where you install the
Prisma Access
components on Panorama, follow the steps for activating Strata Logging Service
below.10.0 or Earlier
Follow these steps to activate
Strata Logging Service
for Panorama-managed
firewalls running PAN-OS 10.0 or earlier.- To set up Panorama, install the Panorama virtual appliance and perform initial configuration or set up an M-Series appliance.You must configure one or more DNS servers and an NTP server instead of setting the date and time manually so that Panorama can stay in sync withStrata Logging Service.
- To configure NTP, selectand set a value for thePanoramaSetupServicesNTPNTP server. For example:pool.ntp.org.
- To configure DNS servers, selectand enter a value for the primary and optionally for the secondary DNS servers.PanoramaSetupServices
- (Optional, Panorama 10.0 and later versions) To configure Panorama to connect toStrata Logging Servicethrough a proxy server, selectandPanoramaSetupServicesSettings ( )Use proxy to send logs toStrata Logging Service.
- Log in to the Customer Support Portal (CSP) and select.AssetsDevicesRegister New Device
- SelectRegister device using Serial Number or Authorization Codeand thenSubmit.
- Enter the Panorama Serial Number provided in the email you received with your order fulfillment along with the required Location Information (as indicated by the asterisks) and thenAgree and Submit the EULA.After you see the registration complete message, close the Device Registration dialog.
- Find the Panorama instance you just registered and click the corresponding edit (Actions column).
- To activate the Support license, selectActivate Auth-Codeand then enter the Support Authorization Code you received in your email and thenAgree and Submit.
- (Optional) Onboard Panorama to yourStrata Logging Serviceinstance.This is necessary only if you did not onboard Panorama as part of activation.
- Log in to the hub and open theStrata Logging Serviceapp to the instance to which you are onboarding.
- Select.InventoryPanorama AppliancesAdd
- SelectAddandNext.
- Select the Panorama appliances you want to onboard andSubmit.
- Verify the Quantity and Part Description of theStrata Logging Servicelicense (named Logging Service below) that you just activated.
- Retrieve theStrata Logging Serviceand support license on Panorama.
- SelectandPanoramaLicensesRetrieve license keys from license server.
- Verify that you see theStrata Logging Servicelicense and the support license.
- Download and install the Cloud Services plugin.The way you download and install the plugin depends on whether you are using Panorama 8.0.6 or a later Panorama version.On Panorama 8.0.x:
- Log in to the Customer Support Portal and select.UpdatesSoftware Updates
- Find a supported Cloud Services plugin version in the Panorama Integration Plug In section and download it. Plugin 1.0 versions are no longer supported on any version of Panorama.Do not rename the plugin file or you will not be able to install it on Panorama.
- To install the plugin, log in to the Panorama web interface of the Panorama you selected when you licensedPrisma Access, select, andPanoramaPluginsUploadBrowseto the pluginFilethat you downloaded from the CSP.
- Installthe plugin.
On Panorama 8.1.0 and later versions:On Panorama 8.1 and later versions, you can either download the plugin from the CSP and then upload it to Panorama or you can check for plugin updates directly from Panorama as follows:- SelectandPanoramaPluginsCheck Nowto display the latest Cloud Services plugin updates.
- Downloada supported plugin version.Plugin 1.0 versions 1.0.x are no longer supported on any version of Panorama.
- After you downloading the plugin,Installit.
Installing a newer version of the Cloud Services plugin overwrites the previously installed version. If you are installing the plugin for the first time, after you successfully install the plugin, Panorama will refresh and the Cloud Services menu will display on thePanoramatab. - Generate an OTP from the Inventory menu in theStrata Logging Serviceapp and copy it to your clipboard.You have ten minutes to enter the OTP before it expires.
- Go back to Panorama and selectto display the Verify Account dialog.PanoramaCloud ServicesStatus
- Paste the OTP you just generated andVerifyit.IfVerifyis disabled, check that you have configured both a DNS server and an NTP server ().PanoramaSetupServices
- Verify the connection status between Panorama andStrata Logging Service.You can use the Panorama CLI or the Panorama web interface with the Cloud Services plugin to verify that the connection is successful.
- Use the following CLI command:admin@Panorama> request plugins cloud_services logging-service statuspass{"@status": "success", .....
- Selectand viewPanoramaCloud ServicesStatusStatusdetailsto verify that Panorama was able to successfully retrieve theStrata Logging Servicecertificate, fetch the Customer Identification number and the region in which yourStrata Logging Serviceinstance is deployed, and confirm that the Panorama appliance is connected toStrata Logging Service(Logging Service below). If any of these checks fail, the Status is reported as anError.
- On the hub,Viewto verify thatStrata Logging ServiceStatusStrata Logging Serviceis provisioned successfully.
- Allocate Storage Based on Log Type. Make sure to allocate log quota for each log type because there are no log quota allocation defaults.
10.1 or Later
Follow these steps to activate
Strata Logging Service
for Panorama-managed
firewalls running PAN-OS 10.1 or later.- To set up Panorama, install the Panorama virtual appliance and perform initial configuration or set up an M-Series appliance.You must configure one or more DNS servers and an NTP server instead of setting the date and time manually so that Panorama can stay in sync withStrata Logging Service.
- To configure NTP, selectand set a value for thePanoramaSetupServicesNTPNTP server. For example:pool.ntp.org.
- To configure DNS servers, selectand enter a value for the primary and optionally for the secondary DNS servers.PanoramaSetupServices
- (Optional, Panorama 10.0 and later versions) To configure Panorama to connect toStrata Logging Servicethrough a proxy server, selectandPanoramaSetupServicesSettings ( )Use proxy to send logs to.Strata Logging Service
- Log in to the Customer Support Portal (CSP) and select.AssetsDevicesRegister New Device
- SelectRegister device using Serial Number or Authorization Codeand thenSubmit.
- Enter the Panorama Serial Number provided in the email you received with your order fulfillment along with the required Location Information (as indicated by the asterisks) and thenAgree and Submit the EULA.After you see the registration complete message, close the Device Registration dialog.
- Find the Panorama instance you just registered and click the corresponding edit (Actions column).
- To activate the Support license, selectActivate Auth-Codeand then enter the Support Authorization Code you received in your email and thenAgree and Submit.
- (Optional) Onboard Panorama to yourStrata Logging Serviceinstance.This is necessary only if you did not onboard Panorama as part of activation.
- Log in to the hub and open theStrata Logging Serviceapp to the instance to which you are onboarding.
- Select.InventoryPanorama AppliancesAdd
- SelectAddandNext.
- Select the Panorama appliances you want to onboard andSubmit.
- Install a device certificate on the Panorama that you want to onboard toStrata Logging Service.
- If this is your first time installing a device certificate, you must issue the following command:> debug software restart process reportdThis is only required the first time that you install the device certificate.
- Retrieve theStrata Logging Serviceand support licenses on Panorama.
- SelectandPanoramaLicensesRetrieve license keys from license server.
- Verify that you see the Cortex DataStrata Logging Servicelicense and the support license.
- Download and install the Cloud Services plugin.The way you download and install the plugin depends on whether you are using Panorama 8.0.6 or a later Panorama version.On Panorama 8.0.x:
- Log in to the Customer Support Portal and select.UpdatesSoftware Updates
- Find a supported Cloud Services plugin version in the Panorama Integration Plug In section and download it. Plugin 1.0 versions are no longer supported on any version of Panorama.Do not rename the plugin file or you will not be able to install it on Panorama.
- To install the plugin, log in to the Panorama web interface of the Panorama you selected when you licensedPrisma Access, select, andPanoramaPluginsUploadBrowseto the pluginFilethat you downloaded from the CSP.
- Installthe plugin.
On Panorama 8.1.0 and later versions:On Panorama 8.1 and later versions, you can either download the plugin from the CSP and then upload it to Panorama or you can check for plugin updates directly from Panorama as follows:- SelectandPanoramaPluginsCheck Nowto display the latest Cloud Services plugin updates.
- Downloada supported plugin version.Plugin 1.0 versions 1.0.x are no longer supported on any version of Panorama.
- After you downloading the plugin,Installit.
Installing a newer version of the Cloud Services plugin overwrites the previously installed version. If you are installing the plugin for the first time, after you successfully install the plugin, Panorama will refresh and the Cloud Services menu will display on thePanoramatab. - Generate an OTP from the Inventory menu in theStrata Logging Serviceapp and copy it to your clipboard.You have ten minutes to enter the OTP before it expires.
- Go back to Panorama and selectto display the Verify Account dialog.PanoramaCloud ServicesStatus
- Paste the OTP you just generated andVerifyit.IfVerifyis disabled, check that you have configured both a DNS server and an NTP server ().PanoramaSetupServices
- Verify the connection status between Panorama andStrata Logging Service.You can use the Panorama CLI or the Panorama web interface with the Cloud Services plugin to verify that the connection is successful.
- Use the following CLI command:admin@Panorama> request plugins cloud_services logging-service statuspass{"@status": "success", .....
- Selectand viewPanoramaCloud ServicesStatusStatusdetailsto verify that Panorama was able to successfully retrieve theStrata Logging Servicecertificate, fetch the Customer Identification number and the region in which yourStrata Logging Serviceinstance is deployed, and confirm that the Panorama appliance is connected toStrata Logging Service(Logging Service below). If any of these checks fail, the Status is reported as anError.
- On the hub,Viewto verify thatStrata Logging ServiceStatusStrata Logging Serviceis provisioned successfully.
- Allocate Storage Based on Log Type. Make sure to allocate log quota for each log type because there are no log quota allocation defaults.