10.1 or Later

1. To set up Panorama, install the Panorama virtual appliance and perform initial configuration or set up an M-Series appliance.
   You must configure one or more DNS servers and an NTP server instead of setting the date and time manually so that Panorama can stay in sync with Strata Logging Service.
   • To configure NTP, select PanoramaSetupServicesNTP and set a value for the NTP server. For example: pool.ntp.org.
   • To configure DNS servers, select PanoramaSetupServices and enter a value for the primary and optionally for the secondary DNS servers.
   • (Optional, Panorama 10.0 and later versions) To configure Panorama to connect to Strata Logging Service through a proxy server, select PanoramaSetupServicesSettings (

     ) and Use proxy to send logs to Strata Logging Service.
2. Register Panorama and activate the support license.
   1. Log in to the Customer Support Portal (CSP) and select AssetsDevicesRegister New Device.
   2. Select Register device using Serial Number or Authorization Code and then Submit.
   3. Enter the Panorama Serial Number provided in the email you received with your order fulfillment along with the required Location Information (as indicated by the asterisks) and then Agree and Submit the EULA.
      After you see the registration complete message, close the Device Registration dialog.
   4. Find the Panorama instance you just registered and click the corresponding edit (Actions column).
   5. To activate the Support license, select Activate Auth-Code and then enter the Support Authorization Code you received in your email and then Agree and Submit.
3. Activate Strata Logging Service.
4. (Optional) Onboard Panorama to your Strata Logging Service instance.
   This is necessary only if you did not onboard Panorama as part of activation.
   1. Log in to the hub and open the Strata Logging Service app to the instance to which you are onboarding.
   2. Select InventoryPanorama AppliancesAdd.
   3. Select Add and Next.
   4. Select the Panorama appliances you want to onboard and Submit.
5. Install a device certificate on the Panorama that you want to onboard to Strata Logging Service.
   1. If this is your first time installing a device certificate, you must issue the following command:

      > debug software restart process reportd 

      This is only required the first time that you install the device certificate.
6. Retrieve the Strata Logging Service and support licenses on Panorama.
   1. Select PanoramaLicenses and Retrieve license keys from license server.
   2. Verify that you see the Cortex Data Strata Logging Service license and the support license.

7. Download and install the Cloud Services plugin.
   The way you download and install the plugin depends on whether you are using Panorama 8.0.6 or a later Panorama version.

   On Panorama 8.0.x:

   1. Log in to the Customer Support Portal and select UpdatesSoftware Updates.
   2. Find a supported Cloud Services plugin version in the Panorama Integration Plug In section and download it. Plugin 1.0 versions are no longer supported on any version of Panorama.
      Do not rename the plugin file or you will not be able to install it on Panorama.
   3. To install the plugin, log in to the Panorama web interface of the Panorama you selected when you licensed Prisma Access, select PanoramaPluginsUpload, and Browse to the plugin File that you downloaded from the CSP.
   4. Install the plugin.

   On Panorama 8.1.0 and later versions:

   On Panorama 8.1 and later versions, you can either download the plugin from the CSP and then upload it to Panorama or you can check for plugin updates directly from Panorama as follows:

   1. Select PanoramaPlugins and Check Now to display the latest Cloud Services plugin updates.
   2. Download a supported plugin version.
      Plugin 1.0 versions 1.0.x are no longer supported on any version of Panorama.
   3. After you downloading the plugin, Install it.

   Installing a newer version of the Cloud Services plugin overwrites the previously installed version. If you are installing the plugin for the first time, after you successfully install the plugin, Panorama will refresh and the Cloud Services menu will display on the Panorama tab.

8. Generate an OTP from the Inventory menu in the Strata Logging Service app and copy it to your clipboard.
   You have ten minutes to enter the OTP before it expires.
   1. Go back to Panorama and select PanoramaCloud ServicesStatus to display the Verify Account dialog.
   2. Paste the OTP you just generated and Verify it.
      If Verify is disabled, check that you have configured both a DNS server and an NTP server (PanoramaSetupServices).
9. Verify the connection status between Panorama and Strata Logging Service.
   You can use the Panorama CLI or the Panorama web interface with the Cloud Services plugin to verify that the connection is successful.
   • Use the following CLI command:

     admin@Panorama> request plugins cloud_services logging-service status

     pass{"@status": "success", .....

   • Select PanoramaCloud ServicesStatusStatus and view details to verify that Panorama was able to successfully retrieve the Strata Logging Service certificate, fetch the Customer Identification number and the region in which your Strata Logging Service instance is deployed, and confirm that the Panorama appliance is connected to Strata Logging Service (Logging Service below). If any of these checks fail, the Status is reported as an Error.

10. On the hub, View Strata Logging Service Status to verify that Strata Logging Service is provisioned successfully.
11. Allocate Storage Based on Log Type. Make sure to allocate log quota for each log type because there are no log quota allocation defaults.
12. Onboard firewalls to Strata Logging Service.