Nominated Discussion: Cortex XDR Firewall Configuration Query

Showing results for 
Show  only  | Search instead for 
Did you mean: 
Community Team Member
No ratings

This Nominated Discussion Article is based on the post "Cortex XDR Firewall configuration query." by @Vinothkumar_SBA  and responded to by @aleksandar.astardzhiev . Read on to see his response!


We have configured the Check Point firewall version (R81.10), but it is not supported for native log ingestion. However, we have checked the official Palo Alto documentation for this link:


-It states that log ingestion and data require a Cortex XDR Pro per GB license.


-We have purchased a TB license.


-I will need to confirm whether it is possible to ingest CEF logs from Check Point software version R81.10.


Hi @Vinothkumar_SBA ,


There is no change for the retention after license migration from "per TB" to "per GB".

As explained here -  "per GB/TB" license are ingestion only, meaning they don't effect retention periond.


Which means you should have (by default) 30days of hot retention for ingested data and 180 days of hot retention for alerts and incidents (created by XDR). If you need extend that you need to order license add-ons, details for which you can see in the link above.


Rate this article:
Register or Sign-in
Article Dashboard
Version history
Last Updated:
‎07-07-2023 01:22 PM
Updated by: