On your firewalls and Panorama appliances, allow access to the ports and FQDNs required to connect to
Strata Logging Service. If using a proxy server, allow the same ports
and FQDNs on the server without SSL decryption.
Ensure that you are not decrypting traffic to Strata Logging Service.
Ensure that the firewalls and the Strata Logging Service instance to
which you want to send their logs are registered to the same customer support
account. Firewalls cannot send logs to a Strata Logging Service instance
registered to a different account.
Consider that a Panorama™ appliance
or firewall running PAN-OS® 9.1 and earlier versions cannot connect
to Strata Logging Service from behind a proxy (Strata Logging Service requires mutual authentication). You can, however, enable proxy communication on PAN-OS
10.0 and later versions:
On a Panorama appliance: SetupServices
Use proxy to send logs to Strata Logging Service.
On a firewall: DeviceSetupServices
Use proxy to send logs to Strata Logging Service
Ensure that your firewalls meet the software version requirements for your
deployment style: Prisma Access (Managed by Panorama) or individually managed.
The process to activate Strata Logging Service can vary depending on the other products
you’re using (see Strata Logging Service License).
If you’re using Panorama or Prisma Access, review this additional list of
requirements to make sure that you have everything you need to get
started with Strata Logging Service.
When you have your plan finalized, here’s what you need to do to roll out your Strata Logging Service deployment: