Install the device certificate on a Dedicated Log Collector to leverage Palo Alto
Networks cloud services.
| Where Can I Use This? | What Do I Need? |
- NGFW (Managed by Panorama)
|
- Device management license
- Support license
- Outbound internet access
Customer Support Portal (CSP) account with one of the
following user roles: Super User, Standard User, Limited User, Threat
Researcher, AutoFocus Trial Role, Group Super User,
Group Standard User, Group Limited User, Group Threat
Researcher, Authorized Support Center (ASC) User, and
ASC Full Service User. - Panorama superuser role
|
You must install the device certificate on the Dedicated Log Collector to use
Device Telemetry. You only need to install
a device certificate once. The device certificate has a 90-day lifetime. The
Dedicated Log Collector reinstalls the device certificate 15 days before the
certificate expires. In the event the Dedicated Log Collector is unable to reinstall
the device certificate on its own, you may need to manually
restore an expired device certificate.
To successfully install the device certificate, the Dedicated Log Collector must have
an outbound internet connection and the following Fully Qualified Domain Names
(FQDN) and ports must be allowed on your network.
You must manually install the device certificate on each Dedicated Log Collector
individually. Installing the device certificate from the Panorama™ management server
is not supported.
https://api.paloaltonetworks.com http://apitrusted.paloaltonetworks.com https://certificatetrusted.paloaltonetworks.com https://certificate.paloaltonetworks.com
|
TCP 443
|
M-300 and M-700 appliances automatically install the device certificate when they
first connect to the Palo Alto Networks CSP during the initial registration
process. You do not need to manually install the device certificate for these
M-Series appliances.