Activate Cortex Data Lake with Panorama (10.1 or Later)

Follow these steps to activate Cortex Data Lake for Panorama-managed firewalls running PAN-OS 10.1 or later.
If you’re using Panorama™ to manage Prisma™ Access or on-premises firewalls, activate Cortex Data Lake on the hub. Because Panorama can provision the device certificate that firewalls require to securely connect to Cortex Data Lake, this gives you a way to onboard multiple firewalls to Cortex Data Lake simultaneously.
If you are onboarding a Panorama in high availability mode (HA), follow these steps.
  1. To set up Panorama, install the Panorama virtual appliance and perform initial configuration or set up an M-Series appliance.
    You must configure one or more DNS servers and an NTP server instead of setting the date and time manually so that Panorama can stay in sync with Cortex Data Lake.
    • To configure NTP, select
      Panorama
      Setup
      Services
      NTP
      and set a value for the
      NTP server
      . For example:
      pool.ntp.org
      .
    • To configure DNS servers, select
      Panorama
      Setup
      Services
      and enter a value for the primary and optionally for the secondary DNS servers.
    • (
      Optional, Panorama 10.0 and later versions
      ) To configure Panorama to connect to Cortex Data Lake through a proxy server, select
      Panorama
      Setup
      Services
      Settings ( )
      and
      Use proxy to send logs to Cortex Data Lake
      .
    1. Log in to the Customer Support Portal (CSP) and select
      Assets
      Devices
      Register New Device
      .
    2. Select
      Register device using Serial Number or Authorization Code
      and then
      Submit
      .
    3. Enter the Panorama Serial Number provided in the email you received with your order fulfillment along with the required Location Information (as indicated by the asterisks) and then
      Agree and Submit the EULA
      .
      After you see the registration complete message, close the Device Registration dialog.
    4. Find the Panorama instance you just registered and click the corresponding edit (Actions column).
    5. To activate the Support license, select
      Activate Auth-Code
      and then enter the Support Authorization Code you received in your email and then
      Agree and Submit
      .
  2. Activate Cortex Data Lake.
    1. Log in to the hub.
    2. Activate New App
      .
    3. Enter the
      Auth Code
      you received to activate Cortex Data Lake and
      Continue
      .
    4. Enter an
      Instance Name
      so that you can identify this app instance in the hub, and optionally add a
      Description
      .
    5. Select the
      Region
      you want to host the Cortex Data Lake instance.
    6. Click
      Agree and Activate
      .
    7. Verify that Cortex Data Lake is successfully activated on the hub.
      Cortex Data Lake was previously called the Logging Service, and you might continue to see that name listed as the application name.
  3. Onboard Panorama to your Cortex Data Lake instance.
    1. Log in to the hub and open the Cortex Data Lake app to the instance to which you are onboarding.
    2. Select
      Inventory
      Onboard New Firewall or Panorama
      .
    3. Select
      New
      .
    4. Select
      Panorama
      and
      Next
      .
    5. Select the Panorama to connect to Cortex Data Lake.
    6. Submit
      your choice.
  4. Install a device certificate on the Panorama that you want to onboard to Cortex Data Lake.
  5. Retrieve the Cortex Data Lake and support license on Panorama.
    1. Select
      Panorama
      Licenses
      and
      Retrieve license keys from license server
      .
    2. Verify that you see the Cortex Data Lake license and the support license.
  6. Download and install the Cloud Services plugin.
    The way you download and install the plugin depends on whether you are using Panorama 8.0.6 or a later Panorama version.
    On Panorama 8.0.x:
    1. Log in to the Customer Support Portal and select
      Updates
      Software Updates
      .
    2. Find a supported Cloud Services plugin version in the Panorama Integration Plug In section and download it. Plugin 1.0 versions are no longer supported on any version of Panorama.
      Do not rename the plugin file or you will not be able to install it on Panorama.
    3. To install the plugin, log in to the Panorama web interface of the Panorama you selected when you licensed Prisma Access, select
      Panorama
      Plugins
      Upload
      , and
      Browse
      to the plugin
      File
      that you downloaded from the CSP.
    4. Install
      the plugin.
    On Panorama 8.1.0 and later versions:
    On Panorama 8.1 and later versions, you can either download the plugin from the CSP and then upload it to Panorama or you can check for plugin updates directly from Panorama as follows:
    1. Select
      Panorama
      Plugins
      and
      Check Now
      to display the latest Cloud Services plugin updates.
    2. Plugin 1.0 versions 1.0.x are no longer supported on any version of Panorama.
    3. After you downloading the plugin,
      Install
      it.
    Installing a newer version of the Cloud Services plugin overwrites the previously installed version. If you are installing the plugin for the first time, after you successfully install the plugin, Panorama will refresh and the Cloud Services menu will display on the
    Panorama
    tab.
  7. Generate an OTP from the Inventory Tab in the Cortex Data Lake app and copy it to your clipboard.
    You have ten minutes to enter the OTP before it expires.
    1. Go back to Panorama and select
      Panorama
      Cloud Services
      Status
      to display the Verify Account dialog.
    2. Paste the OTP you just generated and
      Verify
      it.
      If
      Verify
      is disabled, check that you have configured both a DNS server and an NTP server (
      Panorama
      Setup
      Services
      ).
  8. Verify the connection status between Panorama and Cortex Data Lake.
    You can use the Panorama CLI or the Panorama web interface with the Cloud Services plugin to verify that the connection is successful.
    • Use the following CLI command:
      admin@Panorama> request plugins cloud_services logging-service status
      pass{"@status": "success", .....
    • Select
      Panorama
      Cloud Services
      Status
      Status
      and view
      details
      to verify that Panorama was able to successfully retrieve the Cortex Data Lake certificate, fetch the Customer Identification number and the region in which your Cortex Data Lake instance is deployed, and confirm that the Panorama appliance is connected to Cortex Data Lake (Logging Service below). If any of these checks fail, the Status is reported as an
      Error
      .
  9. On the hub, View Cortex Data Lake Status to verify that Cortex Data Lake is provisioned successfully.
  10. Allocate Storage Based on Log Type. Make sure to allocate log quota for each log type because there are no log quota allocation defaults.

Recommended For You