Automatic Site License Activation on the PAYG VM-Series Firewalls

• Enable the firewalls to retrieve the site licenses automatically at launch.
  The firewall requires the device certificate to get the site license entitlements and securely access the cloud services. To retrieve the site licenses when you launch the firewall, in the bootstrap package you must include the authcode in the /license folder, and add the auto registration PIN ID and value in the init-cfg.txt file and place it in the /config folder.

  1. Generate the VM-Series registration PIN on the Customer Support Portal (CSP).
  2. Select AssetsDevice CertificatesGenerate Registration PIN.
     Save the PIN ID and value, and make sure to launch the firewall before the PIN expires.

  3. Add the registration PIN ID and value in the init-cfg.txt file.
     In addition to the required parameters, you must include:

     vm-series-auto-registration-pin-id=

     vm-series-auto-registration-pin-value=

  4. Log in to the firewall and verify that you can see the site license on the firewall.
• Generate the one-time password (OTP) and manually retrieve the device certificate on the firewall.
  The firewall requires this device certificate to get the site license entitlements and securely access the cloud services.

  1. Log in to the Customer Support Portal.
     Register your VM-Series firewall, if you have not already.
  2. Select AssetsDevice CertificatesGenerate OTP.

  3. Select your firewall from the list to Generate OTP.
  4. Log in to the firewall, and retrieve the device certificate.
     Select SetupManagementDevice Certificate and Get certificate

  5. Verify that the device certificate is fetched and that you can see the site license on the firewall.
• If using Panorama to manage the VM-Series firewall, see Install the device certificate on a managed firewall.