Activate your firewalls and Panorama for log forwarding to Cortex® Data Lake.
With a Cortex® XDR™ Pro per TB license, if
you use Palo Alto Networks firewalls as a traffic log source, you
must activate your firewalls and Panorama and configure them for
log forwarding to Cortex Data Lake.
Register and activate your firewalls and Panorama.
Upgrade firewalls and Panorama to the latest software
and content releases.
PAN-OS 8.0.6 is the minimum required software release version
for Palo Alto Networks firewalls and Panorama. However, to enable
Cortex XDR to leverage the Directory Sync Service and Enhanced Application
Logs, upgrade firewalls and Panorama to PAN-OS 8.1.1 or later and
to the latest content release:
Ensure that firewalls have visibility into internal traffic.
It’s important that at least one firewall sending logs to Cortex Data Lake is processing or has visibility into internal traffic and applications.
If you have deployed only internet gateway firewalls, one option is to configure a tap interface, which gives a firewall visibility into data center traffic even though the firewall is not in the traffic flow. Connect the tap mode interface to a data center switch SPAN or mirror port that provides the firewall with the mirrored traffic, and make sure that the firewall is enabled to log the traffic and send it to Cortex Data Lake.
Because data center firewalls already have visibility into internal network traffic, you don’t need to configure these firewalls in tap mode; however, contact Palo Alto Networks Professional Services for best practices to ensure that the Cortex Data Lake and Cortex XDR-required configuration updates do not affect data center firewall deployments.
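The upgrade step above sets two thresholds: PAN-OS 8.0.6 as the minimum, and 8.1.1 for the Directory Sync Service and Enhanced Application Logs. The following added example (not Palo Alto Networks code) checks a device inventory against both; the device names, the sample versions and the assumed "-hN" hotfix suffix format are constructed for illustration.

```python
import re

# Thresholds taken from the upgrade step above.
MIN_RELEASE = (8, 0, 6)    # minimum PAN-OS release for firewalls and Panorama
FULL_RELEASE = (8, 1, 1)   # needed for Directory Sync Service and Enhanced Application Logs

# Assumption: versions look like "8.1.1" or "8.1.15-h3" (hotfix suffix).
_VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)(?:-h(\d+))?$")


def parse_panos_version(text):
    """Return (major, minor, maintenance, hotfix) as integers."""
    match = _VERSION_RE.match(text.strip())
    if match is None:
        raise ValueError(f"unrecognized PAN-OS version: {text!r}")
    return tuple(int(part or 0) for part in match.groups())


def classify(version_text):
    """Map one version string to a readiness label."""
    try:
        release = parse_panos_version(version_text)[:3]
    except ValueError:
        return "unknown"          # flag for manual review rather than guess
    if release < MIN_RELEASE:
        return "upgrade-required"
    if release < FULL_RELEASE:
        return "limited"          # meets the minimum, below 8.1.1 for Directory Sync / EAL
    return "ready"


def audit(inventory):
    """Classify every device in a {name: version} mapping."""
    return {name: classify(version) for name, version in inventory.items()}


# Constructed sample inventory (hypothetical device names and versions).
SAMPLE_INVENTORY = {
    "fw-edge-01": "8.0.5",
    "fw-edge-02": "8.0.10",      # numerically newer than 8.0.6
    "fw-dc-01": "8.1.0",
    "fw-dc-02": "8.1.1-h2",
    "panorama-01": "9.0.4",
    "fw-lab-01": "n/a",
}

if __name__ == "__main__":
    for device, status in audit(SAMPLE_INVENTORY).items():
        print(f"{device:12} {SAMPLE_INVENTORY[device]:10} {status}")
```

Comparing integer tuples instead of raw strings matters here: as text, "8.0.10" sorts before "8.0.6" and would be wrongly flagged as below the minimum.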