Scribd
Upload
12 views

ZTP Configuration Elements

The document provides an overview of the Zero Touch Provisioning (ZTP) process for onboarding firewalls to the Panorama management server. It outlines key components such as the ZTP plugin, Customer Support Portal, one-time password, and the installer admin role necessary for registration and management. The ZTP onboarding process is detailed, including steps for registering firewalls and configuring them to connect with Panorama.

Uploaded by

bibist
Copyright
© © All Rights Reserved
Available Formats
Download as PDF, TXT or read online on Scribd
12 views

ZTP Configuration Elements

The document provides an overview of the Zero Touch Provisioning (ZTP) process for onboarding firewalls to the Panorama management server. It outlines key components such as the ZTP plugin, Customer Support Portal, one-time password, and the installer admin role necessary for registration and management. The ZTP onboarding process is detailed, including steps for registering firewalls and configuring them to connect with Panorama.

Uploaded by

bibist
Copyright
© © All Rights Reserved
Available Formats
Download as PDF, TXT or read online on Scribd
You are on page 1/ 3

(/content/techdocs/en_US.

html)

Updated on Thu Mar 13 20:26:10 UTC 2025

Home (/) | Panorama (/content/techdocs/en_US/panorama.html)


| Panorama Administrator's Guide (/content/techdocs/en_US/panorama/10-1/panorama-admin.html)
| Manage Firewalls (/content/techdocs/en_US/panorama/10-1/panorama-admin/manage-firewalls.html)
| Set Up Zero Touch Provisioning (/content/techdocs/en_US/panorama/10-1/panorama-admin/manage-firewalls/set-up-zero-touch-
provisioning.html)
| ZTP Overview (/content/techdocs/en_US/panorama/10-1/panorama-admin/manage-firewalls/set-up-zero-touch-provisioning/ztp-
overview.html)
| ZTP Configuration Elements (/content/techdocs/en_US/panorama/10-1/panorama-admin/manage-firewalls/set-up-zero-touch-
provisioning/ztp-overview/ztp-configuration-elements.html)

DOWNLOAD PDF (/CONTENT/DAM/TECHDOCS/EN_US/PDF/PANORAMA/10-1/PANORAMA-ADMIN/PANORAMA-


ADMIN.PDF)

Panorama Administrator's Guide


(/content/techdocs/en_US/panorama/10-
1/panorama-admin.html)
ZTP Configuration Elements

Table of Contents

The following elements work together to allow you to quickly on-board newly deployed ZTP firewalls by automatically adding
them to the Panorama management server using the ZTP service.

ZTP Plugin—The ZTP plugin allows Panorama to connect to the ZTP service and claim a ZTP firewall for simplified on-
boarding.

Customer Support Portal (CSP)—The Palo Alto Networks Customer Support Portal
(https://support.paloaltonetworks.com/) is used to register your Panorama to connect to the CSP to automatically
register newly added ZTP firewalls.

One-time Password (OTP)—A one-time password provided by Palo Alto Networks used to retrieve and install a certificate
on Panorama for it to communicate with the CSP and ZTP service.

Installer—An administrator user created using the installeradmin admin role for ZTP firewall on-boarding. This admin user
has limited access to the Panorama web interface, only allowing access to enter the ZTP firewall serial number and claim
key to register firewalls on the CSP and Panorama. The installer admin can be created on Panorama or created using
remote authentication such as RADIUS, SAML, or TACACS+.

Claim Key—Eight digit numeric key physically attached to the ZTP firewall used to register the ZTP firewall with the CSP.

To-SW-Version—Designate the PAN-OS software version of the ZTP firewall (Panorama > Managed Devices > Summary).
Select the target PAN-OS release, and if the firewall is running an earlier release than the indicated version, the firewall
begins an upgrade loop until the target release is successfully installed.

Panorama can only manage firewalls running a PAN-OS release equal to or less than that installed on
the Panorama.
This site uses cookies essential to its operation, for analytics, and for personalized content and ads. By
continuing to browse this site, you acknowledge the use of cookies. Privacy statement ❯ Cookie Settings
(https://www.paloaltonetworks.com/legal-notices/privacy)
After you successfully install the ZTP plugin on Panorama (/content/techdocs/en_US/panorama/10-1/panorama-
admin/manage-firewalls/set-up-zero-touch-provisioning/install-the-ztp-plugin/install-the-ztp-plugin-on-
panorama.html#idcc25eb36-500d-4e8c-be0e-12ca47a91dd6) and register Panorama with the ZTP service
(/content/techdocs/en_US/panorama/10-1/panorama-admin/manage-firewalls/set-up-zero-touch-provisioning/install-the-
ztp-plugin/register-panorama-with-the-ztp-service.html#id3372527b-3749-4719-84e7-0cad9a18e769), the ZTP on
boarding process continues as follows:

1. Installer (/content/techdocs/en_US/panorama/10-1/panorama-admin/manage-firewalls/set-up-zero-touch-
provisioning/configure-the-ztp-installer-administrator-account.html#id3c162b62-a73a-4d31-8ff5-381cc30d82cc) or IT
administrator registers ZTP firewalls (/content/techdocs/en_US/panorama/10-1/panorama-admin/manage-firewalls/set-
up-zero-touch-provisioning/add-ztp-firewalls-to-panorama.html#id1d38c2a5-2fc9-4dba-93bd-212e632e2adc) by adding
them to Panorama using the firewall serial number and claim key.

2. Panorama registers the firewalls with the CSP. After the firewalls are successfully registered, the firewall is associated
with the same ZTP tenant as the Panorama in the ZTP service.

ZTP firewalls successfully registered with the ZTP service are automatically added as managed firewalls (Panorama >
Managed Devices) on Panorama.

3. When the firewall connects to the Internet, the ZTP firewall requests a device certificate from the CSP in order to connect
to the ZTP service.

4. The ZTP service pushes the Panorama IP or FQDN to the ZTP firewalls.

5. The ZTP firewalls connect to Panorama and the device group and template configurations are pushed from Panorama to
the ZTP firewalls.

This site uses cookies essential to its operation, for analytics, and for personalized content and ads. By
continuing to browse this site, you acknowledge the use of cookies. Privacy statement ❯
(https://www.paloaltonetworks.com/legal-notices/privacy)
Was this information helpful?

Yes No

Next
Previous (/content/techdocs/en_US/panorama/10- (/content/techdocs/en_US/panorama/10-
Install
1/panorama-admin/manage-firewalls/set-up- 1/panorama-admin/manage-firewalls/set-up-
About the
zero-touch-provisioning/ztp-overview/about- zero-touch-provisioning/install-the-ztp-
ZTP ztp.html) ZTP plugin.html)
Plugin

Technical Documentation Co

Release Notes (/content/techdocs/en_US/release-notes.html) Abo


Search (/content/techdocs/en_US/search.html) Care
Blog (https://www.paloaltonetworks.com/blog/category/technical- Cus
documentation/) LIVE
Compatibility Matrix (/content/techdocs/en_US/compatibility- Kno
matrix.html)
OSS Listings (/content/techdocs/en_US/oss-listings.html)
Sitemap (/content/techdocs/en_US/sitemap.html)

(https://www.facebook.com/PaloAltoNetworks) (https://w
(https://www.youtube.com/channel/UCPRouchFt58TZnjoI65aelA)

(/content/techdocs/en_US.html) © 2025 Palo Alto Ne

This site uses cookies essential to its operation, for analytics, and for personalized content and ads. By
continuing to browse this site, you acknowledge the use of cookies. Privacy statement ❯
(https://www.paloaltonetworks.com/legal-notices/privacy)

You might also like