Onboard Panorama-Managed Firewalls to Cortex Data Lake
Use Panorama to start sending firewall logs to Cortex Data Lake at scale.
Firewalls can forward logs directly to Cortex Data Lake. However, you can use Panorama to onboard firewalls at scale to the Cortex Data Lake, instead of onboarding individual firewalls. Onboarding includes provisioning the certificates that firewalls need to securely connect to Cortex Data Lake, configuring device groups and templates with Cortex Data Lake settings, and then pushing those settings to managed firewalls. When this is complete, you can also view the log records that are forwarded to Cortex Data Lake directly in Panorama.
If you’re using GlobalProtect cloud service, using Panorama to implement Cortex Data Lake is required.
Before you begin to onboard Panorama-managed firewalls, review these requirements to make sure you’re ready to get started. You’ll need:
- A Panorama virtual appliance or hardware-based Panorama appliance running Panorama 8.0.6 or later.
- A Panorama device management license.
- The Cloud Services plugin. This plugin is required if you’re using GlobalProtect cloud service. The following workflow shows you how to download the latest plugin version, and install it on Panorama.
- Next-generation firewalls with a valid support license that are managed by Panorama and are running PAN-OS 8.0.6 or later. Version 8.1.3 or later is recommended if you want to collect enhanced application logs for Magnifier.
- A Cortex Data Lake license, in addition to the device management license for Panorama. When you license the Cortex Data Lake, all firewalls registered to your support account receive a Cortex Data Lake license. You can then use Panorama templates and device groups to configure the firewalls to forward logs to the Cortex Data Lake. The Cortex Data Lake license provisions the service in one theatre/region only (for example, Europe or Americas). If you want the firewalls that belong to one template to send logs to one theatre and the firewalls that belong to another template to send logs to a different theatre, you will need two Panorama appliances and two Cortex Data Lake licenses.
- Network connectivity to the Cortex Data Lake that does not pass through a proxy. Neither Panorama nor a next-generation firewall can connect to the Cortex Data Lake from behind a proxy, because Cortex Data Lake requires mutual authentication.
Now that you’ve reviewed the requirements above, continue on to:
Activate Cortex Data Lake on the Cortex Hub
After purchasing Cortex Data Lake, you received an auth code that you’ll use to activate Cortex Data Lake. The steps here ...
Forward Logs to Cortex Data Lake (Panorama-Managed Firewalls)
For Panorama-managed firewalls to send logs to Cortex Data Lake, the firewalls and Panorama need to be ...
Activate Cortex Data Lake (Panorama-Managed Firewalls)
Panorama can provision the certificates that firewalls require to securely connect to the Cortex Data Lake. In this case, ...