Strata Cloud Manager
How to Activate AIOps for NGFW
Table of Contents
How to Activate AIOps for NGFW
Learn about how to activate AIOps for NGFW.
| Where Can I Use This? | What Do I Need? |
|---|---|
|
One of these:
|
Here are the different scenarios for activating AIOps for NGFW:
|
Scenario
|
Plan
|
|---|---|
|
Activating AIOps for NGFW Free
| Activate AIOps for NGFW (Free) |
|
Activating AIOps for NGFW Premium (use Strata Cloud
Manager app)
| Activate AIOps for NGFW Through Common Services |
|
Onboarding new devices to the activated AIOps for NGFW
Free instance
| |
|
Onboarding new devices to the activated AIOps for NGFW
Premium (use Strata Cloud Manager app)
| |
|
Activating ELA AIOps for NGFW Premium
| Activate Enterprise License Agreement (ELA) AIOps for NGFW Premium |
|
Using Strata Cloud Manager (AIOps for NGFW Premium) to manage
VM-Series
| Activate a Software NGFW Credits License Agreement |
|
Using Strata Cloud Manager (AIOps for NGFW Premium) for Panorama
Managed VM-Series
| Activate a Software NGFW Credits License for Panorama Managed VM-Series |
|
Converting AIOps for NGFW Premium trial license to production
| Convert Trial License to Production |
|
Activate Strata Cloud Manager Essentials and Strata Cloud Manager
Pro
|
Strata Cloud Manager is available, featuring two licensing tiers: Strata Cloud Manager Essentials
and Strata Cloud Manager Pro. This unified structure streamlines the
deployment of network security offerings, including AIOps for NGFW, Autonomous Digital
Experience Management (ADEM), cloud management functionality, and Strata Logging
Service.
Strata Cloud Manager Essentials replaces AIOps
for NGFW Free, offering access to all the AIOps for NGFW Free features and additional
capabilities. Strata Cloud Manager Essentials and Strata Cloud Manager Pro are available
to activate in customer support portal (CSP) accounts that don't have: Strata Logging
Service with sized storage, AIOps for NGFW Free or Premium, or Prisma Access.
If you were using Strata Cloud Manager before the introduction of these new licensing
tiers, your existing license for AIOps for NGFW Premium and AIOps for NGFW Free remain
supported. You can continue to amend, extend, renew, or activate these products without
any changes.
FedRAMP accounts can't use AIOps for NGFW. To check if this applies to
you, sign in to your Customer Support Portal account and
select . If you see a FedRamp Account listed, then you
cannot use AIOps for NGFW.
Activate AIOps for NGFW (Free)
Activation requires the Account Administrator or App Administrator role.
- Log in to the hub.
- Go to the AIOps for NGFW Free activation URL: https://apps.paloaltonetworks.com/activation/aiops-free.
- Complete the form.
![]()
Customer Support Account Your Customer Support Portal account ID. Tenant Select the tenant where you will activate the AIOps for NGFW Free instance. If you don’t have an existing tenant, select Create New. Region The deployment region and the region where your data logs are stored. See Regions for AIOps for NGFW. Strata Logging Service The Strata Logging Service from which you want to send data to AIOps for NGFW Free. If you have a logging SLS, you can associate it with AIOps for NGFW Free and select the SLS region. Otherwise, you can skip it. - Agree to the Terms and Conditions and Activate.
- AIOps for NGFW Free is ready after Status shows Complete.
![]()
- Associate devices to a tenant containing your AIOps for NGFW Free instance.
- Log in to the hub.
- Select .
![]()
- Select Add Device.
- Select one or more firewalls or Panorama appliances and Save.
You need to associate Panorama to the tenant containing AIOps for NGFW Free if you're onboarding Panorama-managed deployments. Make sure to individually associate all the firewalls managed by Panorama to the tenant.The devices that you associated with the tenant will be automatically added to AIOps for NGFW Free. For more information, see Associate devices to a tenant.- For AIOps for NGFW Free activation, associating apps with devices isn't required.
- You can associate devices to a tenant at the beginning of activation if you already have an existing tenant.
- You can remove device associations if, for example, you are retiring or returning a firewall or Panorama appliance, or if you want to associate it with another tenant service group (TSG).
- Enable telemetry on devices.
- Confirm the device is registered in the Customer Support Portal by logging in to support.paloaltonetworks.com, switch to your account (if necessary), and identify your device in .
- Install a device certificate on the devices you want to onboard.
- Enable telemetry sharing on the devices.
After you onboard the devices and enable telemetry, it takes around a couple of hours for the first set of insights to be visible on the AIOps for NGFW dashboard. The process of generating and sending telemetry on the device's side is done in batches, with each metric being sampled and collected at a frequency optimized for the use cases the metric is used for. This batch process can result in a delay between onboarding the firewall and the availability of insights. It might take several hours for all insights associated with a newly onboarded device to appear on the AIOps for NGFW dashboard. - Log in to AIOps for NGFW Free by clicking on its icon in the hub.
