How to Activate Eval Magnifier Cloud Service

by bfrentz ‎02-09-2018 11:20 AM - edited ‎02-15-2018 10:11 AM (4,952 Views)

The following procedure walks you through the steps to activate Magnifier cloud service using an Evaluation Auth Code.

 

Everything You Need to Configure Magnifier

 

Requirements to Configure Firewalls and Panorama to Support to Magnifier 

  • Palo Alto Networks firewalls and Panorama must be set up with the Palo Alto Networks Logging Service
    • Specifically for Magnifier, firewalls must be configured to send traffic logs to the logging service.
  • Make sure that you allow traffic to the full list of TCP ports and FQDNs that the Logging Service requires.
  • Palo Alto Networks firewalls are running PAN-OS 8.0.5 or later with the latest content version.
  • An internet gateway firewall has an interface configured in TAP mode.

***Eval Magnifier service must be activated using Eval Panorama software and Eval Logging service. Activating eval Magnifier auth codes on a production Panorama or production Logging Service will create a problem when you activate a purchased Magnifier auth code later.***

 

How to install the Panorama virtual appliance and perform initial configuration.

 

Register Panorama and activate the support license.

 

How to Activate and Install Logging Service and GlobalProtect Cloud Service for Evals

 

STEP 1 | Verify your firewall logs are populating in Logging Service

  • From Panorama, select MonitorLogs and select a log type to view.
  • To verify that the logs you are seeing are from the Logging Service, run the following CLI command on the firewall:
    • > show logging-status
  • Use the ACC on Panorama and firewalls to monitor network activity . Check for applications like SMBv2, ms-rdp, DNS, and Kerberos to verify that the firewalls have visibility into internal network traffic.

 

STEP 2 | Add Magnifier User Role.

  • Log in to the Customer Support Portal (https://support.paloaltonetworks.com)
  • Go to Members and locate the user that will activate Magnifier.
  • Click the Edit icon and add the Magnifier and Logging Service user roles.
  • Click the Checkmark icon to save your changes.

Screen Shot 2018-02-09 at 11.52.19 AM.png

 

STEP 3 | Log in to the Palo Alto Networks Cloud Services portal.

  • Go to https://apps.paloaltonetworks.com
  • If you are a member of multiple support accounts, click the account name drop down list and select the correct support account.

 

STEP 4 | Click Activate New App.

 

Screen Shot 2018-02-09 at 11.57.24 AM.png

 

STEP 5 | Enter the Eval Auth Code

This auth code is located in the “Software Evaluation Approved” email that you received from Palo Alto Networks.

  • Activation – Step 1 of 2: Enter the auth code and click “Continue”. 

Screen Shot 2018-02-09 at 11.59.03 AM.png 

  • Activation – Step 2 of 2.
    • Ensure the License Type shows Magnifier and that the Company Name is the correct support account.
    • Instance Name: enter a unique name that will help you identify the Magnifier service.
    • Description: this field is optional
    • Region: Select the geographical region that this cloud service will be hosted in.
      • **This must be the same as the region that your Logging Service is deployed in.**
    • Logging Service: Select the Logging Service instance that will provide the Magnifier analytics engine with log data.
    • Click Agree and Activate – it will take about a minute to generate the activation info/serial number and about 10 minutes for the cloud service tenant to become active.

Screen Shot 2018-02-09 at 12.05.13 PM.png 

  • If Magnifier activated successfully, you will see a screen like this.

 

Screen Shot 2018-02-08 at 2.36.12 PM.png 

  • Click the Settings wheel at the top of the screen to see the current status of your Logging Service tenant and Magnifier cloud service tenant.

 

 Screen Shot 2018-02-08 at 2.40.09 PM.png

 

STEP 6 | Log in to the Magnifier app to confirm that you can successfully access the Magnifier interface

  • From the App Portal home page, click the Magnifier app icon and then click the link for your Magnifier instance.

 Screen Shot 2018-02-09 at 12.13.22 PM.png

 

STEP 7 | Specify the internal networks that you want Magnifier to monitor.

  • Click on the gearbox in the upper right-hand corner of the Analyst Interface to open the Administrator Interface.
  • In the Magnifier administrator interface, select the Network Coverage Page.
  • This page provides a table of the IP ranges Magnifier monitors, which is pre-populated with the default IPv4 and IPv6 address spaces. 

 

STEP 8 | Set up Pathfinder

 

STEP 9 | Verify that Magnifier is working

Get reports on the various networks that Magnifier is monitoring.

  • In the Magnifier app, click the gearbox in the upper right-hand corner of the Analyst Interface to open the Administrator Interface.
  • On the Network Coverage page, select IP Ranges Report.
  • Enter the date and time range for which you want a report, and click Generate.
  • Verify that the IP ranges match the network segments the firewall sees; the DNS % should be over 50.

 

 

Additional Documentation:

 

Magnifier Getting Started Guide

 

Logging Service Getting Started Guide

 

GlobalProtect Cloud Service Getting Started Guide

Ignite 2018, Amsterdam, Netherlands
Ask Questions Get Answers Join the Live Community
Contributors