Deploy your Network Devices

Activate your firewalls and Panorama for log forwarding to Cortex® Data Lake.
With a Cortex® XDR™ Pro per TB license, if you use Palo Alto Networks firewalls as a traffic log source, you must activate your firewalls and Panorama and configure them for log forwarding to Cortex Data Lake.
  1. Register and activate your firewalls and Panorama.
  2. Upgrade firewalls and Panorama to the latest software and content releases.
    PAN-OS 8.0.6 is the minimum required software release version for Palo Alto Networks firewalls and Panorama. However, to enable Cortex XDR to leverage the Directory Sync Service and Enhanced Application Logs, upgrade firewalls and Panorama to PAN-OS 8.1.1 or later and to the latest content release:
  3. Ensure that firewalls have visibility into internal traffic and applications.
    It’s important that at least one firewall sending logs to the Cortex Data Lake is processing or has visibility into internal traffic and applications.
    If you have deployed only internet gateway firewalls, one option might be to configure a tap interface to give a firewall visibility into data center traffic even though the firewall is not in the traffic flow. Connect the tap mode interface to a data center switch SPAN or mirror port that provides the firewall with the mirrored traffic, and make sure that the firewall is enabled to log the traffic and send it to the Cortex Data Lake.
    Because data center firewalls already have visibility into internal network traffic, you don’t need to configure these firewalls in tap mode; however, contact Palo Alto Networks Professional Services for best practices to ensure that the Cortex Data Lake and Cortex XDR-required configuration updates do not affect data center firewall deployments.

Recommended For You