How to Activate AIOps for NGFW

Learn how to activate AIOps for NGFW.
Where Can I Use This?
  • NGFW (Managed by Strata Cloud Manager)
  • NGFW (Managed by PAN-OS or Panorama)
  • VM-Series, funded with Software NGFW Credits
What Do I Need?
  • AIOps for NGFW Free (use the AIOps for NGFW Free app)
    or
  • AIOps for NGFW Premium license (use the Strata Cloud Manager app)
Here are the different scenarios for activating AIOps for NGFW:
  • Scenario: Activating AIOps for NGFW Free
    Plan: Activate AIOps for NGFW (Free)
  • Scenario: Activating AIOps for NGFW Premium (use Strata Cloud Manager app)
    Plan: Activate AIOps for NGFW Through Common Services
  • Scenario: Onboarding new devices to the activated AIOps for NGFW Free instance
  • Scenario: Onboarding new devices to the activated AIOps for NGFW Premium (use Strata Cloud Manager app)
  • Scenario: Activating ELA AIOps for NGFW Premium
    Plan: Activate Enterprise License Agreement (ELA) AIOps for NGFW Premium
  • Scenario: Using Strata Cloud Manager (AIOps for NGFW Premium) to manage VM-Series
    Plan: Activate a Software NGFW Credits License Agreement
  • Scenario: Using Strata Cloud Manager (AIOps for NGFW Premium) for Panorama Managed VM-Series
    Plan: Activate a Software NGFW Credits License for Panorama Managed VM-Series
  • Scenario: Converting AIOps for NGFW Premium trial license to production
    Plan: Convert Trial License to Production
Strata Cloud Manager provides unified management and operations only for NGFWs using the AIOps for NGFW Premium license. The application tile name on the hub for AIOps for NGFW (the premium app only) has changed to Strata Cloud Manager. With this update, the application URL has also changed to stratacloudmanager.paloaltonetworks.com, and the Strata Cloud Manager logo now appears on the left navigation pane. Continue to use the AIOps for NGFW Free app for the NGFWs onboarded to AIOps for NGFW Free.
FedRAMP accounts can't use AIOps for NGFW. To check if this applies to you, sign in to your Customer Support Portal account and select Account Management > Account Details. If you see a FedRamp Account listed, then you cannot use AIOps for NGFW.

Activate AIOps for NGFW (Free)

Activation requires the Account Administrator or App Administrator role.
  1. Log in to the hub with the tenant-centric view.
    Toggle View by Support Account off if you're in the Support Account view.
    If you don't have an existing tenant, log in to the hub with the support account view.
  2. Find AIOps for NGFW Free and select Activate.
  3. Complete the form.
    Tenant: Select the tenant where you will activate the AIOps for NGFW Free instance. If you don’t have an existing tenant, select Create New.
    Customer Support Account: Your Customer Support Portal account ID.
    Region: The deployment region and the region where your data logs are stored. See Regions for AIOps for NGFW.
    Strata Logging Service: The Strata Logging Service (SLS) from which you want to send data to AIOps for NGFW Free. If you have an SLS instance, you can associate it with AIOps for NGFW Free. Otherwise, you can skip this field.
  4. Agree to the Terms and Conditions and Activate.
  5. AIOps for NGFW Free is ready after Status shows Complete.
  6. Associate devices to a tenant containing your AIOps for NGFW Free instance.
    1. Log in to the hub.
    2. Select Common Services > Device Associations.
    3. Select Add Device.
    4. Select one or more firewalls or Panorama appliances and Save.
    You need to associate Panorama to the tenant containing AIOps for NGFW Free if you're onboarding Panorama-managed deployments. Make sure to individually associate all the firewalls managed by Panorama to the tenant.
    The devices that you associated with the tenant will be automatically added to AIOps for NGFW Free. For more information, see Associate devices to a tenant.
    • For AIOps for NGFW Free activation, associating apps with devices isn't required.
    • You can associate devices to a tenant at the beginning of activation if you already have an existing tenant.
    • You can remove device associations if, for example, you are retiring or returning a firewall or Panorama appliance, or if you want to associate it with another tenant service group (TSG).
  7. Enable telemetry on devices.
    1. Confirm the device is registered in the Customer Support Portal: log in to support.paloaltonetworks.com, switch to your account (if necessary), and identify your device in Assets > Devices.
    2. Install a device certificate on the devices you want to onboard.
    3. Enable telemetry sharing on the devices.
    After you onboard the devices and enable telemetry, it takes around a couple of hours for the first set of insights to be visible on the AIOps for NGFW dashboard. The process of generating and sending telemetry on the device's side is done in batches, with each metric being sampled and collected at a frequency optimized for the use cases the metric is used for. This batch process can result in a delay between onboarding the firewall and the availability of insights. It might take several hours for all insights associated with a newly onboarded device to appear on the AIOps for NGFW dashboard.
  8. Log in to AIOps for NGFW Free by clicking on its icon in the hub.