Common operational tasks, besides rulesets, external networks and namespaces, revolve around 3 additional topics:
- Upgrade Enforcers
- Import/Export the configuration
- Manage certificates and App credentials
- Roles and Permissions
Let’s look into each topic in more detail.
You can upgrade Enforcers in two ways:
- Using the Microsegmentation Console
- Using apoctl
Navigate to Agent/Enforcers and verify the Enforcer version by expanding its details.
Tip: You can tell that a new Enforcer version is available when the upgrade button appears for your Enforcers.
You can select a single Enforcer or multiple Enforcers by enabling the multiselect option.
The UI will list the versions of the selected Enforcer(s) and the version you want to upgrade to (latest or a custom version).
Once the upgrade process has begun, the Enforcers will briefly disconnect and their status will transition from "disconnected migration running" back to "connected".
You can check the Enforcer version again to confirm that it is now at the desired version.
Importing and Exporting configuration is a common task if you implement microsegmentation using "policy as code" concepts.
Select the namespace of interest, navigate to Manage/Data Management, select the objects you want to export, assign a label to the file and click on Download.
Navigate to Manage/Data Management, choose the namespace where you want to import the objects (if on a parent), select the file you want to import, and click on Import.
You can use apoctl to manage your configurations.
You can export a configuration using the command apoctl api export --label "<label>" -n <namespace> -f <filename>
You can import a configuration using the command apoctl api import -f <filename> -n <namespace>
For additional options, please check the apoctl documentation.
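The two commands above can be chained so that every import is preceded by a saved export of the target namespace. This is an added example, not code from the Prisma Cloud documentation. It uses only the two apoctl invocations shown on this page; the function name, the backup directory layout, the label value pre-import-backup, the .export suffix and the check that a namespace starts with / are assumptions.

```shell
#!/bin/sh
# Added example: save the current state of a namespace with
# "apoctl api export" before changing it with "apoctl api import".
# Assumes the export is written to the -f path, as the page's command implies.

# safe_import <namespace> <import-file> <backup-dir>
# Prints the path of the saved export on success. The body runs in a
# subshell so the umask change and variables do not leak to the caller.
safe_import() (
    ns=$1; src=$2; backup_dir=$3

    # Assumption: namespaces are absolute, e.g. /acme/prod (constructed sample).
    case $ns in
        /*) ;;
        *) echo "namespace must start with /: $ns" >&2; exit 2 ;;
    esac
    # Refuse a missing or empty import file before touching the namespace.
    [ -s "$src" ] || { echo "import file missing or empty: $src" >&2; exit 2; }

    # Exports describe the segmentation policy; keep them owner-only.
    umask 077
    mkdir -p "$backup_dir" || exit 1
    stamp=$(date -u +%Y%m%dT%H%M%SZ)
    backup="$backup_dir/$(printf %s "$ns" | tr '/' '_')-$stamp.export"

    # 1. Save the current state of the target namespace.
    if ! apoctl api export --label "pre-import-backup" -n "$ns" -f "$backup" >&2; then
        echo "export failed, namespace left untouched" >&2; exit 1
    fi
    [ -s "$backup" ] || { echo "export produced no data: $backup" >&2; exit 1; }

    # 2. Only now apply the new configuration.
    if ! apoctl api import -f "$src" -n "$ns" >&2; then
        echo "import failed, previous state saved in $backup" >&2; exit 1
    fi
    printf '%s\n' "$backup"
)

# Run directly as: ./safe_import.sh /acme/prod policy.cfg ./backups
if [ "$#" -eq 3 ]; then safe_import "$@"; fi
```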
You can manage external certificates and credentials using the Prisma Cloud console.
Navigate to Manage/Credentials and select the App Credentials tab
- Step 1 → Click on the + sign to create a new App Credential
- Step 2 → Name it and define the permissions you want to assign to the credential
- Step 3 → Save it in the desired format.
Tip: If you’re using the app credential with apoctl, save it as an App Credential.
For more details about roles and permissions, please read this page
You can renew your app credentials. To do this, click on the Renew icon.
A warning message will be displayed stating that the certificate will be renewed and the old certificate will stop working 12h after this operation is done.
Once renewed, a new certificate is provided, and it needs to be distributed to its proper users/services.
For some tasks that involve external resources that use SSL certificates, such as:
- Rulesets that traverse TLS enabled Load Balancers
- TLS enabled syslog collectors
- TLS enabled proxies
you need to import the device certificate into the Prisma Cloud console.
In order to do this, navigate to Manage/Certificates and select the Certificate Management tab.
- Step 1 → Click on the New Service Certificate icon
- Step 2 → Import the public and private keys into the console and click on Create
For additional details about roles and permissions, please read this page