Zero Touch Provisioning (ZTP) allows simplifies onboarding Next-Generation firewalls to your Panorama™ management server by allowing you to minimize the manual admin intervention required to onboard the firewall and connect it to your network. PAN-OS 11.2.0 introduces additional enhancements to the ZTP onboarding experience by allowing you to activate applicable licenses and install the latest content updates when the firewall first connects to Panorama.

When you add ZTP firewalls to Panorama, you can now specify the firewall authorization code required to activate the firewall license. This allows you to activate the licenses on the ZTP firewall when it connects to Panorama for the first time. Additionally, you can configure Panorama to automatically push the latest downloaded content version when the ZTP firewalls successfully connects and is onboarded to Panorama in the template stack generated through the ZTP plugin. After a successful connection to Panorama, it activates the applicable licenses associated with the auth code you added for the ZTP firewall pushes the latest predefined device group and template stack configuration, installed the latest downloaded dynamic content version.