| Where Can I Use
This? | What Do I Need? |
|---|
- NGFW (Cloud Managed)
- NGFW (PAN-OS or Panorama Managed)
|
|
The following elements work together to allow you to quickly onboard newly deployed
ZTP firewalls by automatically adding them to
Strata Cloud Manager using the ZTP
service.
For more information on ZTP elements that
will allow you to quickly onboard your firewalls to Panorama, click
here.
-
Customer Support Portal (CSP) Account—The ZTP service
uses the Palo Alto Networks
Customer Support Portal to register the
firewall with your account and identify the tenants that you can
associate with your ZTP firewall.
-
Tenant—The
Strata Cloud Manager
tenant the ZTP firewall
will be associated with. This is a logical container for your apps and
devices.
-
-
Claim Key—Eight-digit numeric key physically attached to
the ZTP firewall used to register the ZTP firewall with the CSP.
-
Serial Number—A 10-32 character alphanumeric identifier
attached to the ZTP firewall. You can find this on a sticker on the back
of the firewall.
-
Activation URL—
URL used to onboard your ZTP
firewall to cloud management.
ZTP Workflow
-
Business Administrator or high role activates a ZTP firewall by visiting
the activation URL (
stratacloudmanager.paloaltonetworks.com/ztpdeviceactivation)
and the firewall serial number and claim key. If you have more than one
tenant or CSP account, you can select which one you want to associate
with the firewall.
-
The ZTP firewall registers with the CSP and with the Strata Cloud Manager tenant specified during activation.
- A ZTP firewall successfully registered with the ZTP service automatically
appears in Strata Cloud Manager (Settings > Firewall Setup > Device
Management).
-
When the firewall connects to the internet, the ZTP firewall requests a
device certificate from the CSP in order to connect to the ZTP
service.
-
The ZTP service pushes the Strata Cloud Manager FQDN and the ZTP
configuration to the firewall.
-
The ZTP firewall connects to Strata Cloud Manager.
