>
    Deploy Strata Logging Service with Panorama
    Focus
    Download PDF
    Focus
    1. Home
    2. Strata Logging Service
    3. Deploy Strata Logging Service
    4. Deploy Strata Logging Service with Panorama
    Download PDF
    Strata Logging Service

    Deploy Strata Logging Service with Panorama

    Table of Contents

    Deploy
    Strata Logging Service
     with Panorama

    Use Panorama™ to onboard a large-scale firewall deployment to
    Strata Logging Service
    .
    Where Can I Use This?
    What Do I Need?
    • NGFW (PAN-OS or Panorama Managed)
    • Prisma Access (Managed by Panorama)
    • Strata Logging Service
    Palo Alto Networks firewalls send logs directly to
    Strata Logging Service
    . However, you can use Panorama™ to onboard firewalls to
    Strata Logging Service
     at scale instead of onboarding individual firewalls.
    Strata Logging Service
     onboarding includes provisioning the certificates that firewalls need to securely connect to
    Strata Logging Service
    , configuring device groups and templates with the right settings, and then pushing those settings to managed firewalls. When you’re done, you can use Panorama to view records for the logs that are stored in
    Strata Logging Service
     (or you can use the Explore app to view and interact with your logs).
    If you’re using
    Prisma Access (Managed by Panorama)
    , you must use Panorama to onboard firewalls to
    Strata Logging Service
    .
    You can onboard up to 20 Panorama appliances to a
    Strata Logging Service
     instance. However, if you’re using
    Prisma Access (Managed by Panorama)
    , only one Panorama appliance that is managing
    Prisma Access
     can be associated with a
    Strata Logging Service
     instance at a time. If such a Panorama appliance is already associated with your instance when you add a Panorama appliance, you will not be able to select another appliance that is managing
    Prisma Access
    .
    Before you begin, ensure that you meet these requirements. You’ll need:
    • A Panorama virtual appliance or hardware-based Panorama appliance running a supported PAN-OS version.
    • A Panorama device management license.
    • A supported version of the Cloud Services plugin. See the configuration for your PAN-OS version to find out how to install.
    • Next-generation firewalls with a valid support license that are managed by Panorama and that are running a supported PAN-OS version.
    • A
      Strata Logging Service
       license (in addition to the device management license for Panorama). When you license
      Strata Logging Service
      , all firewalls registered to your support account receive a
      Strata Logging Service
       license. You can then use Panorama templates and device groups to configure the firewalls to forward logs to
      Strata Logging Service
      .
      The
      Strata Logging Service
       license provisions the service in one theater or region only. If you want the firewalls that belong to one template to send logs to one theater and the firewalls that belong to another template to send logs to a different theater, you need two Panorama appliances and two
      Strata Logging Service
       licenses.
    • Consider that a Panorama™ appliance or firewall running PAN-OS
      ®
       9.1 and earlier versions cannot connect to
      Strata Logging Service
       from behind a proxy (
      Strata Logging Service
       requires mutual authentication).
      You can, however, enable proxy communication on PAN-OS 10.0 and later versions:

    Recommended For You

    © 2024 Palo Alto Networks, Inc. All rights reserved.