ZTP Configuration Elements

Table of Contents

Filter

Expand All | Collapse All

Next-Generation Firewall Docs

Getting Started
Administration
Version
- Cloud Management of NGFWs
- PAN-OS 10.0 (EoL)
- PAN-OS 10.1
- PAN-OS 10.2
- PAN-OS 11.0
- PAN-OS 11.1 & Later
- PAN-OS 9.1 (EoL)
Networking
Version
- PAN-OS 10.1
- PAN-OS 10.2
- PAN-OS 11.0
- PAN-OS 11.1 & Later
Incidents & Alerts
Release Notes
Version
- Cloud Management and AIOps for NGFW
- PAN-OS 10.0 (EoL)
- PAN-OS 10.1
- PAN-OS 10.2
- PAN-OS 11.0
- PAN-OS 11.1
- PAN-OS 11.2
- PAN-OS 8.1 (EoL)
- PAN-OS 9.0 (EoL)
- PAN-OS 9.1 (EoL)

Onboard ZTP Firewalls

Add a ZTP Firewall to Strata Cloud Manager

ZTP Configuration Elements

These are the elements required to configure Zero Touch Provisioning on Strata Cloud Manager.

Contact your account team to enable Cloud Management for NGFWs using Strata Cloud Manager.

Where Can I Use This?	What Do I Need?
NGFW, including those funded by Software NGFW Credits	AIOps for NGFW Premium or Strata Cloud Manager Pro Strata Cloud Manager Essentials (Supports only NGFWs) Strata Logging Service license PAN-OS 10.2.3 or later One of the following supported firewall models: PA-415, PA-440, and PA-445 PA-1400 Series PA-3400 Series PA-5410, PA-5420, and PA-5430 PA-5440

The following elements work together to allow you to quickly onboard newly deployed ZTP firewalls by automatically adding them to Strata Cloud Manager using the ZTP service.

Customer Support Portal (CSP) Account—The ZTP service uses the Palo Alto Networks Customer Support Portal to register the firewall with your account and identify the tenants that you can associate with your ZTP firewall.
Tenant—The Strata Cloud Manager tenant the ZTP firewall will be associated with. This is a logical container for your apps and devices.
Business Administrator or Superuser Role—The enterprise roles that can onboard a ZTP firewall. These roles are assigned through Common Services.
Claim Key—Eight-digit numeric key physically attached to the ZTP firewall used to register the ZTP firewall with the CSP.
Serial Number—A 10-32 character alphanumeric identifier attached to the ZTP firewall. You can find this on a sticker on the back of the firewall.
Activation URL—URL used to onboard your ZTP firewall to cloud management.
ztpdeviceactivation

Business Administrator or higher role activates a ZTP firewall by visiting the ZTP activation URL and the firewall serial number and claim key. If you have more than one tenant or CSP account, you can select which one you want to associate with the firewall.
The ZTP firewall registers with the CSP and with the Strata Cloud Manager tenant specified during activation.
A ZTP firewall successfully registered with the ZTP service automatically appears in Strata Cloud Manager (Settings > Firewall Setup > Device Management).
When the firewall connects to the internet, the ZTP firewall requests a device certificate from the CSP in order to connect to the ZTP service.
The ZTP service pushes the Strata Cloud Manager FQDN and the ZTP configuration to the firewall.
The ZTP firewall connects to Strata Cloud Manager.

Onboard ZTP Firewalls

Add a ZTP Firewall to Strata Cloud Manager

Next-Generation Firewall Docs

ZTP Configuration Elements

Next-Generation Firewall Docs

ZTP Configuration Elements

Activation & Onboarding

Next-Generation Firewalls

Cloud-Delivered Security Services

Network Security

Visibility & Monitoring

Best Practices

Experts Corner