Strata Logging Service Deployment Prerequisites

Strata Logging Service Deployment Prerequisites

• For non-qualifying users
  Use the Strata Logging Service Estimator to calculate the amount of storage you need in Strata Logging Service.
• On your firewalls and Panorama appliances, allow access to the ports and FQDNs required to connect to Strata Logging Service. If using a proxy server, allow the same ports and FQDNs on the server without SSL decryption.
• Ensure that you are not decrypting traffic to Strata Logging Service.
• Ensure that the firewalls and the Strata Logging Service instance to which you want to send their logs are registered to the same customer support account. Firewalls cannot send logs to a Strata Logging Service instance registered to a different account.
• Consider that a Panorama™ appliance or firewall running PAN-OS^® 9.1 and earlier versions cannot connect to Strata Logging Service from behind a proxy (Strata Logging Service requires mutual authentication). You can, however, enable proxy communication on PAN-OS 10.0 and later versions:
  • On a Panorama appliance: SetupServices

    

    Use proxy to send logs to Strata Logging Service.
  • On a firewall: DeviceSetupServices
    
    Use proxy to send logs to Strata Logging Service
• Ensure that your firewalls meet the software version requirements for your deployment style: Prisma Access (Managed by Panorama) or individually managed.
• The process to activate Strata Logging Service can vary depending on the other products you’re using (see Strata Logging Service License).
• If you’re using Panorama or Prisma Access, review this additional list of requirements to make sure that you have everything you need to get started with Strata Logging Service.

• Activate Strata Logging Service
• Onboard Firewalls to Strata Logging Service
• Start Sending Logs to Strata Logging Service