How to activate IoT Security?
Objective
How to activate IoT Security?
Procedure
Steps to activate IoT Security
1. Click the link in the onboarding IoT Security email.
If you recently bought both Cortex Data Lake and IoT Security, the email contains two "Activate" buttons.
Either button lets you activate both products through the same onboarding workflow. Click either of the two "Activate" buttons to begin the onboarding process.
2. Login with your Palo Alto Networks Customer Support Portal account credentials.
3. Select products to activate
If you have a new Cortex Data Lake instance to activate with the IoT Security subscription, leave the IoT Security subscription and Cortex Data Lake as selected when you click "Start Activation".
4. Select the relevant support account
If you have more than one Support account, select the one with firewalls to subscribe to IoT Security and then click "Next".
5. Set up IoT Security
To create a new IoT Security tenant, select "Activate New" and then enter a subdomain name.
This completes the URL for your IoT Security app. This will be the URL where you log in to the IoT Security portal.
The subdomain is prepopulated with the domain name from your email address, but it may be changed if the customer wants.
6. Select firewall to subscribe
Set the data lake instance to use, choose its region, and then click Next.***
***If the CDL license has already migrated to TSG (tenant service group), it will not be available in IoT standalone onboarding, since IoT is currently still not migrated to TSG. The customer will not be able to select any Data Lake, it will show NOT FOUND (see screenshot below)
If you have more than one Cortex Data Lake subscription, choose the one to which firewalls will forward logs with network traffic metadata, or, If you are activating a new data lake subscription, select "Activate New" for "Data Lake".
- Activate Subscriptions
Additional Information
- For more information please refer to Onboard IOT Security
- Onboarding firewalls to Cortex Data Lake is a separate process that varies depending on whether you manage your firewalls through Panorama or not. After you complete the IoT Security onboarding process, follow the Cortex Data Lake guidelines.
- If the customer performed the IoT security License activation using a Telemetry CDL, our system would automatically convert a Telemetry CDL into the Cloud Log Collection Service (CLCS).
However, if the Telemetry CDL was not converted into a Cloud Log Collection Service (CLCS), the CDL will not be mapped with the FW SNs.
If the customer mentioned that their firewalls are not mapped with the CDL, please open a SNOW ticket with the IAD Team. They will convert the Telemetry CDL into the CLCS manually
so that the customer's firewalls will be able to connect to the CDL. (Reference ticket #INC1225787)