Activate and Install Prisma Access
Use the following workflow to license Prisma Access and download and install the Cloud Services plugin. If you are upgrading an existing Prisma Access deployment to a new version, use the workflow in the Prisma Access Release Notes (Panorama Managed) to upgrade the Cloud Services plugin.
To set up Prisma Access in High Availability (HA) mode with a primary and secondary Panorama, Configure Panorama Appliances in High Availability for Prisma Access before you license and activate Prisma Access.
- Be sure you have upgraded the Panorama on which you will install the Cloud Services plugin (which activates Prisma Access) to a minimum version of 9.0.4 or 9.1.1. While using Panorama 9.1 is supported with Prisma Access, upgrading to Panorama 9.1 does not give you access to 9.1 features in Prisma Access. The Prisma Access infrastructure supports PAN-OS features up to release 9.0. Your Panorama must be running a minimum version of 9.0.4 before installing the 1.6 Cloud Services plugin. PAN-OS 9.1.1 is also supported with the 1.6 plugin, but if you are upgrading from an earlier plugin version, you should upgrade the plugin to 1.6 before upgrading your Panorama from 9.0.x to 9.1.1, because earlier plugin versions are not compatible with PAN-OS 9.1.1. The Cloud Services plugin 1.6 and later require Panorama version 9.0.4 or 9.1.1 as the minimum version. Installing the 1.6 plugin on a Panorama running 8.1 or earlier is not supported, and will result in an unsupported configuration and data loss.
- Activate the Prisma Access auth codes for the Prisma Access components you purchased (Prisma Access for Networks, Prisma Access for Users, or Prisma Access for Clean Pipe). You must activate your Cortex Data Lake auth code before activating the Prisma Access auth codes.
  - Log in to the Customer Support Portal (CSP) and select Assets > Cloud Services > Activate Cloud Services Auth-Code.
  - Enter the Authorization Code you received in the email, select the serial number for the Panorama on which you plan to install the Cloud Services plugin, read the End User License Agreement and Support Agreement, and then Agree and Submit. After you see the registration complete message, close the Cloud Services dialog.
  - Verify the Quantity and Part Description of the Prisma Access licenses you just activated.
- Download and install the Cloud Services plugin. See the Palo Alto Networks Compatibility Matrix for the Panorama versions that are supported with the Cloud Services plugin. You can either download the plugin from the Customer Support Portal, or you can check for plugin updates directly from Panorama.
  After you install the Cloud Services plugin, the plugin creates a Panorama administrative user with a username of __cloud_services. This user account is required to enable communication between Enterprise DLP on Prisma Access and the Prisma Access management infrastructure. Palo Alto Networks recommends that you change the password for this administrative user in accordance with your organization’s password policy. If you delete the __cloud_services user, you must re-add the user manually. The account is used to register and activate Enterprise DLP on Prisma Access, and for continued DLP scanning using the data patterns and data filtering profiles referenced in security policy rules.
  Installing a newer version of the Cloud Services plugin overwrites the previously installed version. If you are installing the plugin for the first time, after you successfully install, Panorama refreshes and the Cloud Services menu displays on the Panorama tab.
  - To download and install the Cloud Services plugin by downloading it from the Customer Support Portal, complete the following steps:
    - Find the Cloud Services plugin in the Panorama Integration Plug In section and download it. Do not rename the plugin file or you will not be able to install it on Panorama.
    - Log in to the Panorama Web Interface of the Panorama you licensed for use with Prisma Access, select Panorama > Plugins > Upload, and Browse for the plugin File that you downloaded from the CSP.
    - Install the plugin.
  - To download and install the new version of the Cloud Services plugin directly from Panorama, complete the following steps:
    - Select Panorama > Plugins and click Check Now to display the latest cloud_services plugin updates.
    - Download the plugin version you want to install.
    - After downloading the plugin, Install it.
- Retrieve the Prisma Access license(s).
  - Select Panorama > Licenses and click Retrieve license keys from license server.
  - Verify that you have the licenses for the Prisma Access components you plan to use.
- Verify your account. You must be a super user on the Customer Support Portal (CSP) to generate the one-time password required to verify your account. When you try to use the Cloud Services plugin for the first time after installing it, you will be prompted to verify your account. This step ensures that the Panorama serial number is registered to use Prisma Access and enables a secure communication path between the Prisma Access components and Panorama.
  - Log in to the Palo Alto Networks Customer Support Portal (CSP) as a super user and select Assets > Cloud Services.
  - Click Generate OTP.
  - Select the serial number for the Panorama where you installed the Cloud Services plugin and click Generate OTP.
  - Click Copy to Clipboard.
  - Go back to Panorama, select Panorama > Cloud Services > Configuration, and click Verify. If Verify is disabled, check that you have configured a DNS server and NTP server on Panorama > Setup > Services.
  - Paste the One-time Password you just generated and click OK. You have ten minutes to enter the OTP before it expires.
- Apply device group changes in the Prisma Access infrastructure. After you upgrade to version 1.4 software, Prisma Access adds a third device group, Service_Conn_Device_Group, and moves all device groups under the Shared hierarchy. This step applies the device group changes to your configuration.
  - Select Panorama > Cloud Services > Configuration > Service Setup.
  - Click the gear icon to edit the Settings.
  - Make sure that Service_Conn_Device_Group is selected as the Device Group Name and Shared is selected as the Parent Device Group.
  - Click OK. Do not click Cancel, even if you did not make any changes to this page.
- Continue to configure your Prisma Access deployment by Enabling the Service Infrastructure.
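The version prerequisite in the first step can be checked before a change window. The following pre-flight sketch is an added example, not Palo Alto Networks code: it encodes only the rules stated on this page and returns the order in which to perform the plugin and Panorama upgrades. The function names, status strings, and the sample plugin version 1.5.0 are assumptions made for illustration.

```python
import re

# Minimum Panorama maintenance release per 9.x train for plugin 1.6 (first step above).
MIN_MAINT = {(9, 0): 4, (9, 1): 1}
PLUGIN = (1, 6)
INSTALL = "install Cloud Services plugin 1.6"

def parse_panos(v):
    """'9.0.4' or '9.0.4-h2' (hotfix suffix ignored) -> (9, 0, 4)."""
    m = re.fullmatch(r"(\d+)\.(\d+)\.(\d+)(?:-h\d+)?", v.strip())
    if not m:
        raise ValueError(f"unrecognized PAN-OS version: {v!r}")
    return tuple(int(g) for g in m.groups())

def parse_plugin(v):
    """'1.5.0' or '1.5' -> (1, 5)."""
    m = re.match(r"(\d+)\.(\d+)", v.strip())
    if not m:
        raise ValueError(f"unrecognized plugin version: {v!r}")
    return int(m.group(1)), int(m.group(2))

def plan(current, target=None, plugin=None):
    """Return (status, ordered steps) for reaching plugin 1.6 on `target` (default: `current`)."""
    cur = parse_panos(current)
    end = parse_panos(target) if target else cur
    if end < cur:
        raise ValueError("target release is older than the current release")
    train = end[:2]
    if train < (9, 0):
        return "blocked", ["plugin 1.6 is not supported on Panorama 8.1 or earlier"]
    if train not in MIN_MAINT:
        return "check-matrix", []  # release not covered by this page
    if end[2] < MIN_MAINT[train]:
        need = f"{train[0]}.{train[1]}.{MIN_MAINT[train]}"
        return "blocked", [f"Panorama must be at least {need}"]
    if end == cur:
        return "ok", [INSTALL]
    upgrade = f"upgrade Panorama to {target}"
    old_plugin = plugin is not None and parse_plugin(plugin) < PLUGIN
    if old_plugin and train == (9, 1) and cur[:2] < (9, 1):
        # Earlier plugins are not compatible with 9.1.1, so the plugin goes
        # first, and it needs at least 9.0.4 underneath it.
        pre = [] if cur >= (9, 0, 4) else ["upgrade Panorama to 9.0.4"]
        return "ok", pre + [INSTALL, upgrade]
    return "ok", [upgrade, INSTALL]

if __name__ == "__main__":
    # Constructed sample: 9.0.6 hotfix build, older plugin, moving to 9.1.1.
    print(plan("9.0.6-h1", target="9.1.1", plugin="1.5.0"))
```

A "check-matrix" result means the release is outside what this page states; consult the Compatibility Matrix for it.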