Next-Generation Firewall
Prerequisites for Onboarding NGFWs
Table of Contents
Expand All
|
Collapse All
Next-Generation Firewall Docs
-
-
-
-
-
-
-
- PAN-OS 12.1
- PAN-OS 11.2
- PAN-OS 11.1
- PAN-OS 11.0 (EoL)
- PAN-OS 10.2
- PAN-OS 10.1
- PAN-OS 10.0 (EoL)
- PAN-OS 9.1 (EoL)
- PAN-OS 9.0 (EoL)
- PAN-OS 8.1 (EoL)
-
- PAN-OS 12.1
- PAN-OS 11.2
- PAN-OS 11.1
- PAN-OS 10.2
- PAN-OS 10.1
Prerequisites for Onboarding NGFWs
Review the prerequisites for onboarding firewalls to Strata Cloud Manager and Panorama.
| Where Can I Use This? | What Do I Need? |
|---|---|
|
|
Before you can start onboarding your NGFWs, you should review the prerequisites for each
management system.
Cloud Management
Review the prerequisites for onboarding NGFWs to Strata Cloud Manager.
Review the requirements to onboard a Strata Cloud Manager tenant and
firewalls to Strata Cloud Manager.
Note that some requirements, such as PAN-OS Version, Firewall Model,
Ports, and Services, apply to the firewall. While others, such as the Logging and
Authentication service requirements, apply to your Customer Support Portal (CSP)
account.
|
Prerequisite
|
Supported
|
Required?
|
|---|---|---|
|
PAN-OS Version
|
(minimum)PAN-OS 10.2.3
|
Yes
|
|
Firewall Model
Single vsys firewalls only
Multi-vsys firewalls are not supported
|
PA-220 and PA-220R
PA-400 Series
PA-450R
PA-800 Series
PA-1400 Series
PA-3200 Series
PA-3400 Series
PA-5200 Series
PA-5400 Series
PA-5450
PA-7000 Series
|
N/A
|
|
Ports
Ports are used for outbound communication from the firewall to
Strata Cloud Manager and CDL
|
443
444
3978
|
Yes
|
|
Services
Services are used for resolution of the Strata Cloud Manager
tenant, as well as software and content updates
|
DNS
NTP
|
Yes
|
|
Firewall Onboarding
|
AIOps for NGFW (Premium)
(Optional) Zero Touch Provisioning (ZTP)
|
Yes
ZTP onboarding is optional
|
|
Logging
|
Cortex Data Lake
|
Yes
|
|
Data Filtering
|
Enterprise data loss prevention (DLP)
|
No
|
| SaaS Application Management |
Next-Generation CASB
|
No
|
Panorama
Learn the prerequisites for onboarding firewalls to the Panorama™ management server.
Before you can start onboarding NGFWs to Panorama, complete the following
lists of prerequisites:
- Determine Panorama Log Storage Requirements
- Manage Large-Scale Firewall Deployments
- Set Up the Panorama Virtual Appliance
- Set Up the M-Series Appliance
- Register Panorama and Install Licenses
- Install the Panorama Device Certificate
- Install the Device Certificate for a Dedicated Log Collector
- Install Content and Software Updates for Panorama
- Transition to a Different Panorama Model
- Access and Navigate Panorama Management Interfaces
- Set Up Administrative Access to Panorama
- Set Up Authentication Using Custom Certificates