Prerequisites for the Illumio and Palo Alto Networks NGFW Integration
To onboard Palo Alto networks, take the following actions to make sure that logs are properly formatted, aggregated, enriched, and securely transmitted:
You must have a Palo Alto Networks Panorama account with administrator credentials to be able to log into Panorama to configure the syslog server.
You must configure each individual firewall to send logs to Panorama and you must ensure that the necessary network connectivity exists to successfully integrate with the Illumio Syslog Service. To generate and export Common Event Format (CEF) logs from Palo Alto Networks Panorama to a syslog server, you must configure a log-forwarding profile and a syslog server profile.
Note
As part of the onboarding process, Illumio provides a CEF configuration format that includes the Tenant ID.
Performing all of these tasks makes sure that the Palo Alto Networks logs flow into the Illumio application in a secure and structured manner so that you can view the log data and create enforcement policies.