Logging service license not assigned from Panorama to FW

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements
Please sign in to see details of an important advisory in our Customer Advisories area.

Logging service license not assigned from Panorama to FW

L3 Networker

There's deployment with Panorama and currently one HA PA pair managed by it. Panorama sitting at 9.1.5, firewalls at 9.1.4.

Cortex Data Lake license is assigned to Panorama and seen in the Panorama -> Licenses section. In order for the firewalls to send the logs to Data Lake, I followed this guide: https://docs.paloaltonetworks.com/cortex/cortex-data-lake/cortex-data-lake-getting-started/get-start... and then https://docs.paloaltonetworks.com/cortex/cortex-data-lake/cortex-data-lake-getting-started/get-start... 

Issue: Cannot assign Logging Service license from the Panorama to managed devices - it is simply not present and refresh does not help, meaning I fail at step 2 from the 2nd link. Cloud service from Panorama perspective is validated and seems to be communicating just fine.

So far I've tried:

  • Upgrading Panorama from 9.1.4 to 9.1.5.
  • Removing/re-adding Cloud Plugin to Panorama.
  • Deleting all licenses from the PA and fetching once more via Panorama.

There could be something obvious, but any ideas?

5 REPLIES 5

Cyber Elite
Cyber Elite

Did you already do a "license fetch" on the firewalls? That should install the data lake license and enable logging to the cloud

Tom Piens
PANgurus - Strata specialist; config reviews, policy optimization

Yes, but fetching from firewalls shows only licenses assigned via support portal - GP, URL, Threat & Support, nothing more.

Also tried deleting all of them and fetching again, but same result.

Should the logging license show up in the support portal as well as assigned to the firewall just like other licenses?

@nikoo I am having the exact same problem, did you get an answer?  Is there something that needs to be done in the customer portal?

Sorry, missed your question. In fact it turned out  there were some other licensing issues, so I didn't pursue this much further, although in theory this should have worked even with that exact setup and licenses. So long story short - can't tell right now what went wrong there.

Interesting to know if it was the same issue but mine too was unusual.  Basically a registered the devices under my account and then transferred to the customer account.  However I didn't have visibility and later realised despite my emails the customer didn't except the device transfer so it never picked up the logging service licenses.  Its simple if you can see the devices licenses in the customer portal.

  • 6125 Views
  • 5 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!