When log forwarding from a Palo Alto Networks NGFW to the Strata Logging Service (formerly Cortex Data Lake) becomes disconnected, the primary aspect to review is device certificates. This is because the firewall uses certificates for mutual authentication with the logging service. If these certificates are missing, expired, or invalid, the firewall will fail to establish a secure connection, preventing log forwarding.
Key Reasons Why Device Certificates Are Critical
Authentication Requirement – The NGFW uses a Palo Alto Networks-issued device certificate for authentication before it can send logs to the Strata Logging Service.
Expiration Issues – If the certificate has expired, the NGFW will be unable to authenticate, causing a disconnection.
Misconfiguration or Revocation – If the certificate is not properly installed, revoked, or incorrectly assigned, the logging service will reject log forwarding attempts.
Cloud Trust Relationship – The firewall relies on secure cloud-based authentication, where certificates validate the NGFW’s identity before log ingestion.
How to Verify and Fix Certificate Issues
Check Certificate Status
Navigate to Device > Certificates in the NGFW web interface.
Verify the presence of a valid Palo Alto Networks device certificate.
Look for expiration dates and renew if necessary.
Reinstall Certificates
If the certificate is missing or invalid, reinstall it by retrieving the correct device certificate from the Palo Alto Networks Customer Support Portal (CSP).
Ensure Correct Certificate Chain
Confirm Connectivity to Strata Logging Service
Ensure that outbound connections to the logging service are not blocked due to misconfigured security policies, firewalls, or proxies.
Other Answer Choices Analysis
(B) Decryption Profile – SSL/TLS decryption settings affect traffic inspection but have no impact on log forwarding.
(C) Auth Codes – Authentication codes are used during the initial device registration with Strata Logging Service but do not impact ongoing log forwarding.
(D) Software Warranty – The firewall’s warranty does not influence log forwarding; however, an active support license is required for continuous access to Strata Logging Service.
References and Justification:
Firewall Deployment – Certificates are fundamental to secure NGFW cloud communication.
Security Policies – Proper authentication ensures logs are securely transmitted.
Threat Prevention & WildFire – Logging failures could impact threat visibility and WildFire analysis.
Panorama – Uses the same authentication mechanisms for centralized logging.
Zero Trust Architectures – Require strict identity verification, including valid certificates.
Thus, Device Certificates (A) is the correct answer, as log forwarding depends on a valid, authenticated certificate to establish connectivity with Strata Logging Service.