Link the Cloud NGFW to Palo Alto Networks Management
Link Cloud NGFW to Panorama.
Where Can I Use This?
What Do I Need?
Cloud NGFW for AWS
Cloud NGFW subscription
Palo Alto Networks Customer Support Account (CSP)
AWS Marketplace account
User role (either tenant or administrator)
You have two options for linking:
Link the Cloud NGFW to Palo Alto Networks with Panorama for policy
management only.
Link the Cloud NGFW tenant with Panorama for policy management and Strata
Logging Service for log management.
You must be subscribed to the Cloud NGFW service using AWS
Marketplace to integrate Cloud NGFW with Panorama. After linking your Cloud NGFW
tenant to Panorama, you can view the tenants and resources, along with their status,
in the Panorama console under the AWS plugin.
To link your Cloud NGFW tenant to Panorama using the Cloud NGFW:
Select Integrations.
In the Integrations page, click Add
Panorama.
If you're using a tenant linked to Panorama that was created using the AWS
Firewall Manager you can't unlink the Cloud NGFW resource.
In the Add Panorama screen, enter a Link
Name. Select the Primary Panorama Serial
Number from the drop-down. For HA environments, select the
Secondary Panorama Serial Number from the
drop-down.
This screen displays two different icons describing the state of the Panorama
license; a Panorama linked to Strata Logging Service, and a Panorama that
isn't linked to Strata Logging Service. The image below illustrates these
icons:
If you select a Panorama serial number that isn't linked to Strata Logging
Service, you must specify an option to either cancel the linking process, in
which case you agree to procure a Strata Logging Service license and
associate it with your Panorama appliance, or you agree to continue using
Panorama for policy management only:
If you select a Panorama license that is already connected to a Strata
Logging Service, you're asked to Confirm the
association before continuing with the integration process.
After selecting the Panorama license, click Continue.
The Integrations page displays the Link
ID and the linked Panorama Serial
Number:
The Integrations page displays the Link
ID and the linked Panorama Serial Number.
For additional information, including the Strata Logging Service ID
associated with the linked Panorama, click the Link
ID in the Integrations page. The
Link Panorama window appears:
Unsubscribe a Cloud NGFW Tenant from AWS Marketplace
To unsubscribe a Cloud NGFW tenant from AWS Marketplace:
Create a Support Case to Unlink Panorama from Cloud NGFW When Using AWS Firewall
Manager
If you're using AWS Firewall Manager and linked a Cloud NGFW resource to
Panorama, you must contact Palo Alto Networks Support to unlink the Cloud NGFW
resource from Panorama. When creating the support case, you may be asked to
provide additional information, like the AWS account ID, and the tenant ID for
the resource.
To create a support case using the Cloud NGFW console:
Locate your AWS Account ID. Select AWS
Accounts.
If required, use the Panorama console to determine additional information
for the support case, like the tenant ID, or the Panorama serial
number.
Locate the Panorama serial number using the
Dashboard:
Locate the Tenant ID for the Cloud NGFW
resource:
On the Overview page in the Cloud NGFW console,
click Create a case.
