Activate and Install Prisma Access

Use the following workflow to license Prisma Access and download and install the Cloud Services plugin:
To set up Prisma Access in High Availability (HA) mode with a primary and secondary Panorama, Configure Panorama Appliances in High Availability for Prisma Access before you license and activate Prisma Access.
  1. Be sure you have upgraded the Panorama on which you will install the Cloud Services plugin (which activates Prisma Access to a minimum version of 9.0.3-h3.
    You must upgrade your Panorama to a minimum version of 9.0.3-h3 (9.0.4 recommended)
    before installing the 1.5 Cloud Services plugin. The Cloud Services plugin 1.5 and later require Panorama version 9.0.3-h3 or later. Installing the 1.5 plugin with a Panorama running 8.1 or lower will result in an unsupported configuration and data loss. See Changes to Default Behavior and Minimum Required Panorama Version in the Prisma Access Release Notes (Panorama Managed) for details.
  2. Activate the Prisma Access auth codes for the Prisma Access components you purchased (Prisma Access for Networks, Prisma Access for Users, or Prisma Access for Clean Pipe):
    You must activate your Cortex Data Lake auth code before activating the Prisma Access auth codes.
    1. Log in to the Customer Support Portal (CSP) and select
      Assets
      Cloud Services
      Activate Cloud Services Auth-Code
      .
      activate-cloud-services-auth-code.png
    2. Enter the
      Authorization Code
      you received in the email, select the serial number for the
      Panorama
      on which you plan to install the Cloud Services plugin, read the End User License Agreement and Support Agreement and then
      Agree and Submit
      .
      activate-prisma-access-auth-code.png
      After you see the registration complete message, close the Cloud Services dialog.
  3. Verify the Quantity and Part Description of the Prisma Access licenses you just activated.
    csp-verify-purchase.png
  4. Download and install the Cloud Services plugin.
    See the Palo Alto Networks Compatibility Matrix for the Panorama versions that are supported with the Cloud Services plugin.
    You can either download the plugin from the Customer Support Portal, or you can check for plugin updates directly from Panorama.
    • To download and install the Cloud Services plugin by downloading it from the Customer Support Portal, complete the following steps.
      1. Log in to the Customer Support Portal and select
        Software Updates
        ,
      2. Find the Cloud Services plugin in the Panorama Integration Plug In section and download it.
        Do not rename the plugin file or you will not be able to install it on Panorama.
      3. Log in to the Panorama Web Interface of the Panorama you licensed for use with the Prisma Access, select
        Panorama
        Plugins
        Upload
        and
        Browse
        for the plugin
        File
        that you downloaded from the CSP.
      4. Install
        the plugin.
    • To download and install the new version of the Cloud Services plugin directly from Panorama, complete the following steps:
      1. Select
        Panorama
        Plugins
        and click
        Check Now
        to display the latest cloud_services plugin updates.
        plugin-updates-1-5.png
      2. Download
        the plugin version you want to install.
      3. After downloading the plugin,
        Install
        it.
    Installing a newer version of the Cloud Services plugin overwrites the previously installed version. If you are installing the plugin for the first time, after you successfully install, Panorama refreshes and the Cloud Services menu displays on the
    Panorama
    tab.
    plugin-installed.png
  5. Retrieve the Prisma Access license(s).
    1. Select
      Panorama
      Licenses
      and click
      Retrieve license keys from license server
      .
    2. Verify that you have the licenses for the Prisma Access components you plan to use.
      prisma-access-license.png
  6. Verify your account. You must be a super user on the Customer Support Portal (CSP) to generate the one-time password required to verify your account.
    When you try to use the Cloud Services plugin for the first time after installing it, you will be prompted to verify your account. This step ensures that the Panorama serial number is registered to use Prisma Access and enables a secure communication path between the Prisma Access components and Panorama.
    1. Log in to the Palo Alto Networks Customer Support Portal (CSP) as a super user and select
      Assets
      Cloud Services
      .
    2. Click
      Generate OTP
      .
      csp-otp.PNG
    3. Select the serial number for the
      Panorama
      where you installed the Cloud Services plugin and click
      Generate OTP
      .
    4. Click
      Copy to Clipboard
      .
    5. Go back to Panorama and click
      Panorama
      Cloud Services
      Configuration
      and click
      Verify
      .
      If
      Verify
      is disabled, check that you have configured a DNS server and NTP server on
      Panorama
      Setup
      Services
      .
      prisma-access-verify-screen.png
    6. Paste the
      One-time Password
      you just generated and click
      OK
      .
      verify-account.png
      You have ten minutes to enter the OTP before it expires.
  7. Apply device group changes in the Prisma Access infrastructure.
    After you upgrade to version 1.4 software, Prisma Access adds a third device group,
    Service_Conn_Device_Group
    , and moves all device groups under the
    Shared
    hierarchy. This step applies the device group changes to your configuration.
    1. Select
      Panorama
      Cloud Services
      Configuration
      Service Setup
      .
    2. Click the gear icon to edit the
      Settings
      .
    3. Make sure that
      Service_Conn_Device_Group
      is selected as the
      Device Group Name
      and
      Shared
      is selected as the
      Parent Device Group
      .
      1-3-upgrade-device-groups.png
    4. Click
      OK
      .
      Do not click
      Cancel
      , even if you did not make any changes to this page.
  8. Continue to configure your Prisma Access deployment by Enabling the Service Infrastructure.

Recommended For You