: Cortex Data Lake for Panorama-Managed Firewalls
Focus
Focus

Cortex Data Lake for Panorama-Managed Firewalls

Table of Contents

Cortex Data Lake
for Panorama-Managed Firewalls

Use Panorama™ to onboard a large-scale firewall deployment to
Cortex Data Lake
.
Palo Alto Networks firewalls send logs directly to
Cortex Data Lake
. However, you can use Panorama™ to onboard firewalls to
Cortex Data Lake
at scale instead of onboarding individual firewalls.
Cortex Data Lake
onboarding includes provisioning the certificates that firewalls need to securely connect to
Cortex Data Lake
, configuring device groups and templates with the right settings, and then pushing those settings to managed firewalls. When you’re done, you can use Panorama to view records for the logs that are stored in
Cortex Data Lake
(or you can use the Explore app to view and interact with your logs).
If you’re using
Prisma Access (Panorama Managed)
, you must use Panorama to onboard firewalls to
Cortex Data Lake
.
You can onboard up to 20 Panorama appliances to a
Cortex Data Lake
instance. However, if you’re using
Prisma Access (Panorama Managed)
, only one Panorama appliance that is managing
Prisma Access
can be associated with a
Cortex Data Lake
instance at a time. If such a Panorama appliance is already associated with your instance when you add a Panorama appliance, you will not be able to select another appliance that is managing
Prisma Access
.
Before you begin, ensure that you meet these requirements. You’ll need:
  • A Panorama virtual appliance or hardware-based Panorama appliance running a supported PAN-OS version.
  • A Panorama device management license.
  • A supported version of the Cloud Services plugin. See the configuration for your PAN-OS version to find out how to install.
  • Next-generation firewalls with a valid support license that are managed by Panorama and that are running a supported PAN-OS version.
  • A
    Cortex Data Lake
    license (in addition to the device management license for Panorama). When you license
    Cortex Data Lake
    , all firewalls registered to your support account receive a
    Cortex Data Lake
    license. You can then use Panorama templates and device groups to configure the firewalls to forward logs to
    Cortex Data Lake
    .
    The
    Cortex Data Lake
    license provisions the service in one theater or region only. If you want the firewalls that belong to one template to send logs to one theater and the firewalls that belong to another template to send logs to a different theater, you need two Panorama appliances and two
    Cortex Data Lake
    licenses.
  • Consider that a Panorama™ appliance or firewall running PAN-OS
    ®
    9.1 and earlier versions cannot connect to
    Cortex Data Lake
    from behind a proxy (
    Cortex Data Lake
    requires mutual authentication).
    You can, however, enable proxy communication on PAN-OS 10.0 and later versions:
After you review the installation requirements,

Recommended For You