CN-Series 11.1.0
Focus
Focus
CN-Series

CN-Series 11.1.0

Table of Contents

CN-Series 11.1.0

CN-Series 11.1.0 introduces IoT security support for CN-Series firewall and Strata Logging Service for CN-Series firewall.

IoT security for CN-Series Firewall

For Palo Alto Networks next-generation CN-Series firewall, the IoT Security solution uses machine learning (ML) to provide visibility of discovered IoT devices based on the meta-data in the logs it receives from the firewall. IoT Security also identifies vulnerabilities and assess risk in devices based on their network traffic behaviors and dynamically updated threat feeds.
You can use the policy rule recommendations that IoT Security generates as a reference when manually adding rules to your CN-Series firewall. IoT Security always generates Security policy rule recommendations regardless of the PAN-OS version.
When using IoT Security Subscription, which stores data in Strata Logging Service, you need one Strata Logging Service license per account and must ensure that Strata Logging Service configuration for your CN-Series firewall is complete.
For more information, see IoT Security Prerequisites.

Strata Logging Service on CN-Series firewall Firewall

Strata Logging Service enables AI-based innovations for cybersecurity with the industry’s only approach to normalizing and stitching together your enterprise’s data. For more information, see About Strata Logging Service and Strata Logging Service for Panorama-Managed Firewalls. Strata Logging Service can now collect log data from CN-Series next-generation firewall. When you purchase a Strata Logging Service license, all firewalls registered to your support account receive a Strata Logging Service license. You will also receive a magic link that you will need to use to activate your Strata Logging Service instance.
To get started with CN-Series firewall Strata Logging Service, you must ensure that you Install the Kubernetes Plugin and Set up Panorama for your CN-Series Firewall. You must provide the device certificate to the CN-MGMT pod for Strata Logging Service connectivity. It is important to register your CN-MGMT pod with a CSP account to ensure that CN-MGMT pod is reflected in your Strata Logging Service instance. Add the valid PIN-ID and PIN-value to pan-cn-mgmt-secret.yaml file to successfully install the device certificate. The CN-Series firewall requires a device certificate that authorizes secure access to Strata Logging Service. For more information see Install a Device Certificate on the CN-Series Firewall.
After you deploy your CN-Series firewall, verify that your CN-MGMT pod is visible on your CSP account, under Registered Devices. For more information see, Register the Firewall. You must ensure that you Configure your CN-Series firewall with Panorama and Create a CN-Series Deployment Profile on your CSP account and use the auth code to push licenses from Panorama to your CN-Series firewall.
For more information, see: