Palo Alto Networks Knowledgebase: How to Activate and Install Logging Service and GlobalProtect Cloud Service for Evals

How to Activate and Install Logging Service and GlobalProtect Cloud Service for Evals

4961
Created On 02/07/19 23:51 PM - Last Updated 02/07/19 23:51 PM
Device Management Initial Configuration Installation QoS Zone and DoS Protection
Resolution

The following procedure walks you through the steps to license, download, and install the Cloud Services plugin on Panorama. In order to configure the firewalls to send logs to the Logging Service, the following components are required:

  • Panorama virtual appliance running Panorama 8.0.5 or later.
  • Cloud services plugin version 1.1.0 or later installed on Panorama.
  • Next-gen firewalls with a valid support license that are managed by Panorama and are running PANOS 8.0.5 or later.
    • Panorama is required to provision the certificate that the firewalls need to securely connect to the Logging Service. Therefore, only firewalls that are managed by Panorama can forward logs to the Logging Service.

 

How to install the Panorama virtual appliance and perform initial configuration.

 

Register Panorama and activate the support license.

 

STEP 1 | Activate the Logging Service.

Screen Shot 2018-07-02 at 12.50.53 PM.png

 

  • Enter the Logging Service auth code you received in the Software Evaluation Approved email, select the Panorama Serial Number for the Panorama you plan to use, and select the Logging Region. Click Agree and Submit.

Screen Shot 2018-07-02 at 12.54.37 PM.png

 

  •  After successfully activating Logging Service, the screen should show the new Logging Service product with the newly generated serial #.

Screen Shot 2018-07-02 at 1.00.31 PM.png

STEP 2 | Retrieve the Logging Service license on Panorama.

  • Select Panorama > Licenses and click Retrieve license keys from license server.
  • Verify that you see the Logging Service license and the premium support license.

logging-service-license-appliedd.png

 

STEP 3 | Install the Cloud Services plugin on Panorama.

  • Go to the Customer Support Portal (https://support.paloaltonetworks.com)
  • From the navigation menu on the left side, select Updates -> Software Updates.
  • Select Panorama Integration Plug In from the Filter By drop-down.
  • Find the Cloud Services section and download version 1.1.0 or later.

Screen Shot 2018-07-02 at 1.05.43 PM.png

 

 

  • From the Panorama webGUI, select Panorama > Plugins > Upload and Browse for the "cloud_services" plugin file that you just downloaded.
  • Install the plugin.
    • After successful installation, Panorama refreshes and the new Cloud Services menu displays on Panorama
    • plugin-installed.png

 

STEP 4 | Verify your account.  You must be a super user in the support account to view the OTP button.

When you try to use the Cloud Services plugin for the first time after installing it, you will be prompted to verify your account. This step ensures that the Panorama serial number is registered to use the Logging Service, and enables a secure communication path between the Logging Service and Panorama.

Screen Shot 2018-07-02 at 1.11.12 PM.png

  • Select the serial number for the Panorama where you installed the Cloud Services plugin and click Generate OTP.Screen Shot 2018-07-02 at 1.14.12 PM.png

 

  • Click Copy to Clipboard.Screen Shot 2018-07-02 at 1.11.40 PM.png

     

  • Go back to the Panorama webGUI and click Panorama > Cloud Services > Status to display the Verify Account dialog.
  • Paste the OTP you just generated and click Verify.
    • You have ten minutes to enter the OTP before it expires.

 

STEP 5 | Verify that the Logging Service is provisioned in the theatre you chose

  • Go to Panorama > Cloud Services > Configuration > (Logging Service) Service Setup.

logging-service-storage-quota.png

  • You must configure NTP rather than setting the date and time manually so that Panorama can stay in sync with the Logging Service.
  • To configure NTP, select Panorama > Setup > Services > NTP. Set a value for the NTP server, for example pool.ntp.org.

STEP 6Configure the Firewalls to Forward Logs to the Logging Service

 

STEP 7 | Activate the GlobalProtect cloud service auth codes

  • Go to the Support Portal and select Assets > Cloud Services > Activate Cloud Services Auth-Code.
  • To license the GlobalProtect cloud service for remote networks and/or for mobile users, enter the auth code you received in the email, select the Panorama Serial Number that you installed the Cloud Services plugin on, and then click Agree and Submit.

STEP 8 | Retrieve the GlobalProtect cloud service license(s).

  • Go to the Panorama webGUI and select Panorama > Licenses and click Retrieve license keys from license server.
  • Verify that you have the licenses for the GlobalProtect cloud service components you plan to use.
  • **Note: You may need to re-do the OTP authentication after activating the GPCS licenses.**

STEP 9 | Prepare Panorama to Push Configuration to the GlobalProtect Cloud Service

 

See Also

For a full list of other Support Portal User Documents, please click here:

Customer Support Portal User Documents



Attachments
Actions
  • Print
  • Copy Link

    https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClNgCAK&refURL=http%3A%2F%2Fknowledgebase.paloaltonetworks.com%2FKCSArticleDetail

Attachments
Choose Language