: Automatic Site License Activation on the PAYG VM-Series Firewalls
Focus
Focus

Automatic Site License Activation on the PAYG VM-Series Firewalls

Table of Contents
End-of-Life (EoL)

Automatic Site License Activation on the PAYG VM-Series Firewalls

Retrieve enterprise-wide licenses for AutoFocus and the Cortex Data Lake on the PAYG instances of VM-Series firewalls.
With the Pay-As-You-Go (PAYG) instance of the VM-Series firewall, you can now unlock the capabilities of your enterprise-wide licenses for AutoFocus or Cortex Data Lake. The firewall requires a device certificate to get the site license entitlements and securely access the cloud services.
With the site license, the firewall has the entitlement to securely connect with the Cortex Data Lake, and you must configure the firewall to connect to and send logs to Cortex Data Lake.
  • Enable the firewalls to retrieve the site licenses automatically at launch.
    The firewall requires the device certificate to get the site license entitlements and securely access the cloud services. To retrieve the site licenses when you launch the firewall, in the bootstrap package you must include the authcode in the /license folder, and add the auto registration PIN ID and value in the init-cfg.txt file and place it in the /config folder.
    1. Generate the VM-Series registration PIN on the Customer Support Portal (CSP).
    2. Select AssetsDevice CertificatesGenerate Registration PIN.
      Save the PIN ID and value, and make sure to launch the firewall before the PIN expires.
    3. Add the registration PIN ID and value in the init-cfg.txt file.
      In addition to the required parameters, you must include:
      vm-series-auto-registration-pin-id=
      vm-series-auto-registration-pin-value=
    4. Log in to the firewall and verify that you can see the site license on the firewall.
  • Generate the one-time password (OTP) and manually retrieve the device certificate on the firewall.
    The firewall requires this device certificate to get the site license entitlements and securely access the cloud services.
    1. Log in to the Customer Support Portal.
      Register your VM-Series firewall, if you have not already.
    2. Select AssetsDevice CertificatesGenerate OTP.
    3. Select your firewall from the list to Generate OTP.
    4. Log in to the firewall, and retrieve the device certificate.
      Select SetupManagementDevice Certificate and Get certificate
    5. Verify that the device certificate is fetched and that you can see the site license on the firewall.
  • If using Panorama to manage the VM-Series firewall, see Install the device certificate on a managed firewall.