• Support Portal
• Grace Period Extensions

Automatic Grace Period Extensions

Background

Cloud-delivered security services (CDSS) have licenses with expiration dates.  These licenses are typically purchased for 1, 3, or 5 years.

Grace period extensions extend the expiration date of a Cloud-delivered security service (CDSS) license by two days if the CDSS is about to expire within 24 hours.

Grace period extensions are designed to help customers avoid expiration of a CDSS when, for example, management approval, paperwork isn't complete, etc., or other logistics problems prevent renewal on time.
 

What is a CDSS?

A cloud-delivered security service (CDSS) is an add-on security service that provides best-in-class protection, such as:

• Advanced Threat Prevention
• Advanced URL Filtering
• DNS Security
• Advanced WildFire®
• Enterprise Data Loss Prevention
• Enterprise Device Security Security
• Medical Device Security Security
• Industrial OT Security
• Next-Gen CASB

When a cloud-delivered security service is integrated with other Palo Alto products, such as a next-generation firewall (NGFW), Forrester Consulting found that over three years our customers achieved:

• $9 million USD in savings, enabled by 45% breach reduction

• $6 million USD in efficiency gains for security operations and end users

• 35% reduction in the number of advanced investigations, 20% better MTTR and a 50% decrease in number of devices that required re-imaging

Thus, to maintain a high security posture, it is important to ensure your CDSS subscriptions do not expire.
 

How do I check for CDSS licenses about to expire?

To check for CDSS licenses about to expire click Licenses Expiring tile in the Customer Support Portal, Network Security page > Asset Dashboard. CSP displays a list of assets with CDSS licenses that will expire in the next seven days. Of the assets displayed, the list may include CDSS's with expiration dates extended by two days, to give you additional time to renew.
 
Be sure to renew CDSS's that are about to expire, or have already expired.

To display detailed information about CDSS licenses, click Licenses/Subscriptions icon (see Figure 1 above) to display the Licenses & Subscriptions drawer.
 

Figure 2. Viewing additional information in the Licenses & Subscriptions drawer

To find assets with expired CDSS licenses, click Licenses Expired tile in the Asset Dashboard.
 

Figure 3. Finding assets with expired licenses

Palo Alto Networks recommends periodically checking for Cloud-delivered security services (CDSS) that are about to expire, and plan for their renewal to avoid disruption.