Use Panorama™ to onboard a large-scale firewall deployment
to Cortex™ Data Lake.
Palo Alto Networks firewalls send logs
directly to Cortex™ Data Lake. However, you can use Panorama™ to
onboard firewalls to Cortex Data Lake at scale instead of onboarding
individual firewalls. Cortex Data Lake onboarding includes provisioning
the certificates that firewalls need to securely connect to Cortex
Data Lake, configuring device groups and templates with the right
settings, and then pushing those settings to managed firewalls.
When you’re done, you can use Panorama to view records for the logs
that are stored in Cortex Data Lake (or you can use the Explore app to view and interact with
If you’re using Prisma™ Access, you must use Panorama to implement
Cortex Data Lake.
Before you begin, ensure that you meet these requirements. You’ll
A supported version of
the Cloud Services plugin. This plugin is required if you’re using
Prisma Access. The following workflow shows how to download the
latest plugin version and install it on Panorama.
Next-generation firewalls with a valid support license that
are managed by Panorama and that are running a supported PAN-OS version.
A Cortex Data Lake license (in addition to the device management license
for Panorama). When you license Cortex Data Lake, all firewalls
registered to your support account receive a Cortex Data Lake license.
You can then use Panorama templates and device groups to configure
the firewalls to forward logs to Cortex Data Lake.
A Cortex Data Lake license provisions the service in one theater or
region only. If you want the firewalls that belong to one template
to send logs to one theater and the firewalls that belong to another
template to send logs to a different theater, you need two Panorama
appliances and two Cortex Data Lake licenses.
A Panorama™ appliance or firewall running PAN-OS
and earlier versions cannot connect to Cortex Data Lake from behind
a proxy (Cortex Data Lake requires mutual authentication).
You can, however, enable proxy communication
on appliances running PAN-OS 10.0 and later versions (