- When you spin up a new firewall instance in AWS, VMWare, Azure or other environment, the initial session capacity is 1248 sessions. This can be verified from WebUI -> Dashboard -> System Resources Widget -> Session count
- Once you apply the licenses by activating the authorization code under Device tab -> Licenses -> License Management, the VM instance reboots and shows the session count as per the license applied.
ex.
VM-50: 50,000 sessions
VM-100: 250,500 session
VM-500: 2,000,000 sessions an so on...
- However after any subsequent reboot, the firewall loses session capacity and the session count drops to 1248 sessions.
2017-08-04 17:20:05.095 -0700 vmlib INFO vm_license_check: Decrypting license file: /opt/pancfg/mgmt/licenses/PA_VM_.key 2017-08-04 17:20:05.199 -0700 vmlib INFO vm_license_check: uuid : EC265B5D-2FE2-F69F-944F-85264DC9E3A4^M 2017-08-04 17:20:05.199 -0700 vmlib INFO vm_license_check: cpuid : AWS:F1060400FFFB8917^M 2017-08-04 17:20:05.199 -0700 vmlib INFO vm_license_check: expire : 2018/06/23^M 2017-08-04 17:20:05.200 -0700 vmlib INFO vm_license_check: pl : 0 2017-08-04 17:20:05.200 -0700 vmlib INFO vm_license_check: cap : 500^M 2017-08-04 17:20:05.252 -0700 vmlib INFO vm_license_check: File system size check for nolic... 2017-08-04 17:20:05.520 -0700 vmlib INFO vm_license_check: Applying nolic license capacity. --->>> Issue, applying no license capacity 2017-08-04 17:20:05.520 -0700 vmlib INFO vm_license_check: Applying nolic license capacity, prepare /etc/cfgdb_license/cfgdb.nolic.xml and /etc/cfgdb_license/cfgdb.nolic.xml
Resolution
- Issue with the licensing server was fixed which was causing UUID check failures resulting in applying no license capacity of 1248 sessions. From this point in time (August 11 2017 at 10:45 AM PST) , issue should no longer seen when a new instance is created.
- However instances that were deployed prior to August 11, if you encounter this issue after rebooting the instance, the quickest way to resolve is to spin up a new instance and apply the auth code to get the desired session capacity. Then migrate the config by exporting the device state from old to new instance by following the below steps:
Step 1: Apply licenses to the new VM using the same auth code and verify session capacity. Reboot this instance to verify the session capacity is not lost.
** Note if the auth code is completely provisioned with no space to accomodate additional VM's, note down the serial number and follow step 6 to restore the quantity provisioned (reclaim license)