This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences

All Firewall are disconnected on Data Lake

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements
Please sign in to see details of an important advisory in our Customer Advisories area.

All Firewall are disconnected on Data Lake

staltari
L1 Bithead

‎10-11-2022 01:06 AM

Hi All,

 I activeted the AIOps for NGFW on my account.

All firewall seems to be connected to Telemetry, I onboarded all on DataLake but they are still disconnected:

staltari_0-1665475530596.png

What can I do?

 

0 Likes Likes
18 REPLIES 18

svenkatarama
L3 Networker

‎10-11-2022 06:36 AM

This looks like a screenshot from the CDL App, talking about connectivity for logging. The logging and telemetry, while they both go to the cloud, are actually two different pipelines - one is streaming, and telemetry is actually batch processing. 

 

Can you please check the telemetry pipeline status in your AIOps instance (Settings>Inventory)

0 Likes Likes

staltari
L1 Bithead

‎10-11-2022 08:10 AM

Here, is wrote to onboard NGWF on CDL: https://docs.paloaltonetworks.com/aiops/aiops-for-ngfw/get-started-with-aiops/onboard-devices

 

Anyway, I can't find any Settings menu in the AIOps instance.

staltari_0-1665500716901.png

Last but not the list, the instance is associating me to a not correct tenant.

As usual, Palo Alto cloud apps are a mess...

 

 

0 Likes Likes

staltari
L1 Bithead

‎10-11-2022 08:45 AM

What a mess! (as usual)

 

I found the "telemetry" CDL instance but is in US. No chance to move in europe (obviously I need my data in Europe).

I choose to create the AIOps instance in "Germany" then it can't see US telemetry CDL in US and neither the regular one in the Netherlands. No way to create the AIOps instance in the Netherlands.

I ceated a new AIOps in US, associated to the the "telemetry" CDL in US, but I can't onboard firewalls that are already ondoarder on the regular CDL in the Netherlands.

 

I tried to open a support case and they send me to ask to the community...

0 Likes Likes

svenkatarama
L3 Networker
In response to staltari

‎10-11-2022 10:57 AM

There are a few things to be aware of here / check into here - 

 

  1. In general, the telemetry follows the region that you set up as the logging region. Is that currently Americas?
  2. The Germany instance of AIOps can only work with a Germany-based CDL. All other CDL regions are currently serviced by AIOps running in Americas-based servers. We plan to expand this over time, but currently, this is the limitation.
  3. From the screenshot you posted here, in your AIOps activation, it looks like you did not point it to a CDL tenant (or it did not take that setting). You can do that by clicking the 3 dots beside the icon on the hub, clicking edit, and selecting the CDL tenant.


An overview of the activation process is here - https://live.paloaltonetworks.com/t5/customer-journey-aiops-for-ngfw/onboarding/ta-p/468635?attachme...

(This is the link in the Live Community pages - LIVEcommunity - Onboarding - LIVEcommunity - 468635 (paloaltonetworks.com)

 

 

 

 

 

 

0 Likes Likes

Bath-Spa
L1 Bithead

‎10-13-2022 08:46 AM

Agree this seems like a right mess, no where did I see in the guides on setting this up that Germany only works in Germany so our firewalls Telemetry Region is set to the United Kingdom when I created the AIOps for NGFW I selected Germany as that's in Europe why would I of thought of choosing the US but I'm seeing no data in AIOps even though the firewall seems to be sending it.

 

But from the comment above I guess it's because our Telementry Region is set to the UK so the AIOps needs to be set to the US for it to work?

 

I've now setup another instance of AIOPs with the region set to the US (now we have two as we cant seem to delete the one in Germany) but when I try and access the US one I get the error "Error: Entitlements not found for user" but the Germany one loads fine!

0 Likes Likes

staltari
L1 Bithead

‎10-13-2022 10:52 AM

My mess is like this:

staltari_0-1665682021097.png

  • AIOps for NGFW instance: no one is working; I can't remove any.
  • 2 Cortex Data Lake istance:
    • one is legacy, where are onboarded all my firewalls; is useless because I've no logging license on firewall; all firewall are Activater and disconnected but I can't remove from there.
    • one is "Telemetry only", is in US, but all my firewalls are set to telemetry to Europe because we are in Europe. have I to move to US? Anyway I can't onboard here because are already boarded on the other. 

The funniest is that once, the US AIOps shown me the status of 8 of my firewalls. Not all, only 8. I can't understand why...

0 Likes Likes

svenkatarama
L3 Networker
In response to Bath-Spa

‎10-13-2022 03:39 PM

Can you give this new instance another try? I understand that the system is not fully up in some cases if this error shows up. 

0 Likes Likes

Bath-Spa
L1 Bithead
In response to svenkatarama

‎10-14-2022 01:16 AM

That is working now and i can login to the AIOps in the US Region but there is still no information in there.  Do I also need to set my telemetry settings on the firewall to send that to the Americas as well because at the moment that is set to the UK and the current telemetry data lake is in the UK

BathSpa_0-1665735375722.png

 

0 Likes Likes

svenkatarama
L3 Networker
In response to staltari

‎10-14-2022 06:38 AM

Please hang on - we are checking to see how the linkages are made on the back end.

 

Are you still able to see the 8 firewalls in the US instance?

0 Likes Likes

svenkatarama
L3 Networker
In response to Bath-Spa

‎10-14-2022 06:41 AM

I see the AIOps instance in Americas is not attached to the CDL in UK.

 

Please click the 3 dots on the right side of the AIOps icon on the hub landing page, click edit, and attach the UK CDL tenant to the AIOps. In a couple of hours or so, the firewall data should show up in the instance, if the data is already flowing into the UK CDL. There should be no need to make any changes to the firewall.

 

0 Likes Likes

staltari
L1 Bithead

‎10-14-2022 08:10 AM

Hi. Now, in the US instance, I can see the same device saw last time: they are 7.

One of those is a demo unit that I already shipped back to Palo Alto months ago.

Can you understand why I can see only these? I have other 9 NGFW configured in the same way.

0 Likes Likes

Bath-Spa
L1 Bithead
In response to svenkatarama

‎10-17-2022 01:16 AM

That fixed our issues in the end,  Thanks for your help Svenkatarama

staltari
L1 Bithead

‎11-06-2022 10:52 PM

Just to update, after a month, I'm still in the same mess. No way to fix, no way to have support. 

0 Likes Likes

sselva
L3 Networker
In response to staltari

‎12-22-2022 04:44 PM

Hi @staltari

 

please give me one serial which is not being shown in US AIOps

 

Thanks and Regards,
Sharan Selva

Product Specialist
 Palo Alto Networks
https://live.paloaltonetworks.com/t5/aiops-for-ngfw-discussions/bd-p/AIOps_for_NGFW_Discussions

Thanks and Regards,
Sharan Selva
Product Specialist
Palo Alto Networks
0 Likes Likes
  • 4047 Views
  • 18 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!

LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2024 - Palo Alto Networks