AWS Cloud NGFW shows CDL logging disabled even after license is activated with Panorama SN

Created On 10/29/24 14:26 PM - Last Modified 10/29/24 14:27 PM


Symptom


  • If the CDL license is activated after the AWS CNGFW integration has already been done, "Log Forwarding and Analytics" is still shown as Disabled on the AWS CNGFW console.


Environment


  • AWS CNGFW


Cause


  • Adding a CDL license to activate log forwarding on CNGFW is not a supported workflow.


Resolution


  • Perform the steps below to unlink and relink the AWS CNGFW integration:

1. Log in to Panorama as the default admin superuser.

2. Disassociate the rulestack from the firewall.
     • Go to the Panorama > AWS > Cloud NGFW > Resources page.
     • Record the Device Group name and Template Stack name.
     • Click on the device group and change it to none.
     • Commit to Panorama and push to Cloud DG.

3. Disassociate the Panorama link from the firewall.
     • Go to the Cloud NGFW console > NGFWs > Firewall Settings page.
     • Under Policy Management, change Panorama to None.

4. Unlink the Panorama link.
     • Go to the Cloud NGFW console > Settings > Integrations page.
     • This step takes up to 15 minutes. The customer will experience an outage during this time and needs to do this in a maintenance window.

5. Create the Panorama integration.
     • Go to the Cloud NGFW console > Settings > Integrations page.
     • On the Integrations page, add the Policy Manager, which should reflect CDL after completion.

6. Associate the firewall to the Panorama link.
     • Go to the Cloud NGFW console > NGFWs > Firewall Settings page.
     • Under Policy Management, select the Linked Panorama.

7. Associate the rulestack to the firewall.
     • Go to the Panorama > AWS > Cloud NGFW > Resources page.
     • Click on the device group and change it to the previous Device Group (recorded in step 2).
     • Commit to Panorama and push to Cloud DG.


