Create a Deployment Profile Using the Licensing API
Table of Contents
                    
					11.1
						
				
		
  Expand all | Collapse all
  - 
          
                - VM-Series Deployments
- VM-Series in High Availability
- IPv6 Support on Public Cloud
- Enable Jumbo Frames on the VM-Series Firewall
- Hypervisor Assigned MAC Addresses
- Custom PAN-OS Metrics Published for Monitoring
- Interface Used for Accessing External Services on the VM-Series Firewall
- PacketMMAP and DPDK Driver Support
- Enable NUMA Performance Optimization on the VM-Series
- Enable ZRAM on the VM-Series Firewall
 
- 
          
                - Licensing and Prerequisites for Virtual Systems Support on VM-Series
- System Requirements for Virtual Systems Support on VM-Series
- Enable Multiple Virtual Systems Support on VM-Series Firewall
- Enable Multiple Virtual Systems Support on VM-Series in Panorama Console
- Enable Multiple Virtual Systems Support Using Bootstrap Method
 
- 
          
                - VM-Series Firewall Licensing
- Create a Support Account
- Serial Number and CPU ID Format for the VM-Series Firewall
- Use Panorama-Based Software Firewall License Management
- 
      
            
- Activate Credits
- Create a Deployment Profile
- Activate the Deployment Profile
- Manage a Deployment Profile
- Register the VM-Series Firewall (Software NGFW Credits)
- Provision Panorama
- Migrate Panorama to a Software NGFW License
- Transfer Credits
- Renew Your Software NGFW Credits
- Deactivate License (Software NGFW Credits)
- Delicense Ungracefully Terminated Firewalls
- Set the Number of Licensed vCPUs
- Customize Dataplane Cores
- Migrate a Firewall to a Flexible VM-Series License
- 
      
            - Generate Your OAuth Client Credentials
- Manage Deployment Profiles Using the Licensing API
- Create a Deployment Profile Using the Licensing API
- Update a Deployment Profile Using the Licensing API
- Get Serial Numbers Associated with an Authcode Using the API
- Deactivate a VM-Series Firewall Using the API
 
 
- What Happens When Licenses Expire?
 
- 
          
                - Supported Deployments on VMware vSphere Hypervisor (ESXi)
- 
      
            - Plan the Interfaces for the VM-Series for ESXi
- Provision the VM-Series Firewall on an ESXi Server
- Perform Initial Configuration on the VM-Series on ESXi
- Add Additional Disk Space to the VM-Series Firewall
- Use VMware Tools on the VM-Series Firewall on ESXi and vCloud Air
- Use vMotion to Move the VM-Series Firewall Between Hosts
- Use the VM-Series CLI to Swap the Management Interface on ESXi
- Configure Link Aggregation Control Protocol
 
- ESXi Simplified Onboarding
 
- 
          
                - 
      
            - Supported Deployments of the VM-Series Firewall on VMware NSX-T (North-South)
- Components of the VM-Series Firewall on NSX-T (North-South)
- 
      
            - Install the Panorama Plugin for VMware NSX
- Enable Communication Between NSX-T Manager and Panorama
- Create Template Stacks and Device Groups on Panorama
- Configure the Service Definition on Panorama
- Deploy the VM-Series Firewall
- Direct Traffic to the VM-Series Firewall
- Apply Security Policy to the VM-Series Firewall on NSX-T
- Use vMotion to Move the VM-Series Firewall Between Hosts
 
- Extend Security Policy from NSX-V to NSX-T
 
- 
      
            - Components of the VM-Series Firewall on NSX-T (East-West)
- VM-Series Firewall on NSX-T (East-West) Integration
- Supported Deployments of the VM-Series Firewall on VMware NSX-T (East-West)
- 
      
            - Install the Panorama Plugin for VMware NSX
- Enable Communication Between NSX-T Manager and Panorama
- Create Template Stacks and Device Groups on Panorama
- Configure the Service Definition on Panorama
- Launch the VM-Series Firewall on NSX-T (East-West)
- Add a Service Chain
- Direct Traffic to the VM-Series Firewall
- Apply Security Policies to the VM-Series Firewall on NSX-T (East-West)
- Use vMotion to Move the VM-Series Firewall Between Hosts
 
- 
      
            - Install the Panorama Plugin for VMware NSX
- Enable Communication Between NSX-T Manager and Panorama
- Create Template Stacks and Device Groups on Panorama
- Configure the Service Definition on Panorama
- Launch the VM-Series Firewall on NSX-T (East-West)
- Create Dynamic Address Groups
- Create Dynamic Address Group Membership Criteria
- Generate Steering Policy
- Generate Steering Rules
 
- Delete a Service Definition from Panorama
- Migrate from VM-Series on NSX-T Operation to Security Centric Deployment
- Extend Security Policy from NSX-V to NSX-T
- Use In-Place Migration to Move Your VM-Series from NSX-V to NSX-T
 
 
- 
      
            
- 
          
                
- Deployments Supported on AWS
- 
      
            
- Planning Worksheet for the VM-Series in the AWS VPC
- Launch the VM-Series Firewall on AWS
- Launch the VM-Series Firewall on AWS Outpost
- Create a Custom Amazon Machine Image (AMI)
- Encrypt EBS Volume for the VM-Series Firewall on AWS
- Use the VM-Series Firewall CLI to Swap the Management Interface
- Enable CloudWatch Monitoring on the VM-Series Firewall
- Publish ENA Network Performance Metrics to AWS CloudWatch
- VM-Series Firewall Startup and Health Logs on AWS
 
- Simplified Onboarding of VM-Series Firewall on AWS
- Use AWS Secrets Manager to Store VM-Series Certificates
- AWS Shared VPC Monitoring
- Use Case: Secure the EC2 Instances in the AWS Cloud
- Use Case: Use Dynamic Address Groups to Secure New EC2 Instances within the VPC
 
- 
          
                
- Intelligent Traffic Offload
- Software Cut-through Based Offload
 
- 
          
                
- Deployments Supported on Azure
- Deploy the VM-Series Firewall from the Azure Marketplace (Solution Template)
- Simplified Onboarding of VM-Series Firewall on Azure
- Deploy the VM-Series Firewall from the Azure China Marketplace (Solution Template)
- Deploy the VM-Series with the Azure Gateway Load Balancer
- Create a Custom VM-Series Image for Azure
- Deploy the VM-Series Firewall on Azure Stack
- Deploy the VM-Series Firewall on Azure Stack HCI
- Enable Azure Application Insights on the VM-Series Firewall
- Azure Health Monitoring
- Set up Active/Passive HA on Azure
- Use Azure Key Vault to Store VM-Series Certificates
- Use the ARM Template to Deploy the VM-Series Firewall
 
- 
          
                - About the VM-Series Firewall on Google Cloud Platform
- Supported Deployments on Google Cloud Platform
- Create a Custom VM-Series Firewall Image for Google Cloud Platform
- Prepare to Set Up VM-Series Firewalls on Google Public Cloud
- 
      
            - Deploy the VM-Series Firewall from Google Cloud Platform Marketplace
- Management Interface Swap for Google Cloud Platform Load Balancing
- Use the VM-Series Firewall CLI to Swap the Management Interface
- Enable Google Stackdriver Monitoring on the VM Series Firewall
- Enable VM Monitoring to Track VM Changes on Google Cloud Platform (GCP)
- Use Dynamic Address Groups to Secure Instances Within the VPC
- Use Custom Templates or the gcloud CLI to Deploy the VM-Series Firewall
- Enable Session Resiliency on VM-Series for GCP
 
- Secure Boot Support for VM-Series on GCP
 
- 
          
                
- Prepare Your ACI Environment for Integration
- 
      
            - 
      
            - Create a Virtual Router and Security Zone
- Configure the Network Interfaces
- Configure a Static Default Route
- Create Address Objects for the EPGs
- Create Security Policy Rules
- Create a VLAN Pool and Domain
- Configure an Interface Policy for LLDP and LACP for East-West Traffic
- Establish the Connection Between the Firewall and ACI Fabric
- Create a VRF and Bridge Domain
- Create an L4-L7 Device
- Create a Policy-Based Redirect
- Create and Apply a Service Graph Template
 
- 
      
            - Create a VLAN Pool and External Routed Domain
- Configure an Interface Policy for LLDP and LACP for North-South Traffic
- Create an External Routed Network
- Configure Subnets to Advertise to the External Firewall
- Create an Outbound Contract
- Create an Inbound Web Contract
- Apply Outbound and Inbound Contracts to the EPGs
- Create a Virtual Router and Security Zone for North-South Traffic
- Configure the Network Interfaces
- Configure Route Redistribution and OSPF
- Configure NAT for External Connections
 
 
- 
      
            
 
- 
          
                - Choose a Bootstrap Method
- VM-Series Firewall Bootstrap Workflow
- Bootstrap Package
- Bootstrap Configuration Files
- Bootstrapping VM-Series in Virtual Metadata Collector Mode
- Generate the VM Auth Key on Panorama
- Create the bootstrap.xml File
- Prepare the Licenses for Bootstrapping
- Prepare the Bootstrap Package
- Bootstrap the VM-Series Firewall on AWS
- Bootstrap the VM-Series Firewall on Azure
- Bootstrap the VM-Series Firewall on Azure Stack HCI
- Bootstrap the VM-Series Firewall on Google Cloud Platform
- Verify Bootstrap Completion
- Bootstrap Errors
 
Create a Deployment Profile Using the Licensing API
Use the following API to create a new deployment profile to license your VM-Series and
        CN-Series firewalls use Software NGFW credits. 
    Header Parameters: token
Request Body Parameters: creditPoolId,
                name,
                type,panOs,
                firewallQuantity,
                vCpuQuantity,panorama, and
                subs
Request Method: POST
URL:
                https://api.paloaltonetworks.com/tms/v1/deploymentProfile
Use the following API to create a new deployment profile to license your VM-Series and
            CN-Series firewalls using Software NGFW credits. The API response returns the Software
            NGFW auth code that your will use to license your firewalls.
  | Parameter | Description | |||
|---|---|---|---|---|
| creditPoolId This parameter is required. | This deployment profile is added to the credit pool with the ID
                                number you enter here. | |||
| name | The deployment profile name. | |||
| type This parameter is required. | For VM-Series, enter VM. For CN-Series, enter CN. | |||
| panOs | The PAN-OS version is specific to the firewall type—VM-Series or
                                CN-Series. VM-Series— 
 For CN-Series, enter
                                10.0,10.1_and-above,10.2 | |||
| firewallQuantity This parameter is required. | The number of firewalls. This value must be greater than zero
                                (0). This is not required for CN-Series running PAN-OS 10.1 and above or
                                PAN-OS 10.2. | |||
| vCpuQuantity | The number of planned vCPUs per firewall. This is required if type is set VM-Flex (any
                                PAN-OS version) or CN-Series running PAN-OS 10.1 and above or PAN-OS
                                10.2. Additionally, the vCPU value must be greater than zero (0) and
                                less than or equal to 64. | |||
| vSysQuantity | The number of virtual systems (vsys)
                            available on each firewall deployed with this auth code. The default
                            value is 1 and only positive integers are allowed. This parameter is
                                optional. | |||
| vmModel | This parameter is required when creating a deployment profile for
                                fixed model VM-Series firewalls. 
 | |||
| panorama | This parameter allows you to use Software NGFW credits to enable
                                Panorama. Use Management to enable Panorama
                                or LogCollector to enable Panorama as a
                                Dedicated Log Collector. This parameter accepts a list of
                                stings. The parameters are case sensitive. | |||
| subscriptions | Specify subscriptions to add to your deployment profile. This
                                parameter accepts a list of strings The subscriptions are PAN-OS
                                specific. For PAN-OS 10.0.3 and below (fixed vCPU models) and PAN-OS 10.0.4 and
                                above (flexible vCPUs) 
 If panOsVersion is left blank, this field is
                                required.  | Specify subscriptions to add to your deployment profile. This
                                parameter accepts a list of strings The subscriptions are PAN-OS
                                specific. For CN-Series running PAN-OS 10.0: 
 If panOsVersion is left blank, this field is
                                required.  | Specify subscriptions to add to your deployment profile. This
                                parameter accepts a list of strings The subscriptions are PAN-OS
                                specific. For CN-Series running PAN-OS 10.1 and above: 
 If panOsVersion is left blank, this field is
                                required.  | Specify subscriptions to add to your deployment profile. This
                                parameter accepts a list of strings The subscriptions are PAN-OS
                                specific. For CN-Series running PAN-OS 10.2.0 and above: 
 If panOsVersion is left blank, this field is
                                required.  | 
| features | Specify use of Network Packet Broker and Decryption Port Mirror. 
 | |||
Sample API request:
curl --location --request POST 'https://api.paloaltonetworks.com/tms/v1/deploymentProfile' \ --header 'token: <your-token>' \ --header 'Content-Type: application/json' \ --data-raw '{ "creditPoolId": 97101#####, "name":"sample DP", "type": "VM", "panOS": "10.0.4_or-above", "firewallQuantity": 1, "vSysQuantity": 1, "vCpuQuantity": 2, "panorama": [ "Management", ], "subscriptions": [ "DNS", ] }'
Sample API response:
{ "profile_id": 29###, "auth_code": "D#######", "success": true, "message": "Deployment profile saved successfully." }
The response returns the full authcode.
