Device Certificate - Where to find OTP?

Reply
Highlighted
L3 Networker

The option for provide a Device Certificate appears in a new section on the Device > Setup > Management page.

 

This option is part of an enhancement to the telemetry system and will be documented in the next major release of the software. As of today (2020 June 17), you need to be part of the 9.2 beta program to find this documented in the "New Features Guide". Since the feature does appear in the already released 9.1.2, I want to explain what it is here. 

 

By default, all telemetry data is collected and stored locally on your device for a limited period of time. Going forward, this data can not be shared with Palo Alto Networks unless your organization has a Cortex Data Lake license or a device certificate is configured for your firewall. 

 

So, why suddenly is there a Device Certificate option in PAN-OS 9.1.2? Ans: To support connections back to Palo Alto Networks to transfer telemetry data to the Data Lake.

 

Is a Device Certificate required? Will the operation of my firewall change if I do not supply one? Ans: The Device Certificate is required only to send telemetry data and if you are not already running Panorama and sending logs to the Cortex Data Lake. 

 

Telemetry options are configured on the Device > Setup > Telemetry page.

 

Hope this helps!

-dgn.

Highlighted
L1 Bithead

Thanks for the headsup.

L4 Transporter

@dgnewell 

 

Thank you the explanation.

 

Is there any ramifications when we enter OTP into the configuration page (eg, will we have to reboot the FW / will there be any downtime, etc)?

 

 

Highlighted
L3 Networker

I didn't have any issues when I updated this.

Highlighted
L3 Networker

After you enter the OTP, the task may take a minute or two to complete. You can/should monitor it in the Task Manager (click Tasks in the bottom right of the web interface). Download and installation of the certificate does not even require a commit. You should see no interruption of services or data flow. 

Highlighted
L0 Member

I recently installed the device certificate and it is valid only for 3 months. Do I have to install it in every 3 months?

Highlighted
L3 Networker

Mine last renewed at 4:52am, so I think it is automatic.

Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!

The Live Community thanks you for your participation!