Palo Alto Networks Knowledgebase: No service profile found” Error When Deploying the VM-Series with Panorama"

No service profile found” Error When Deploying the VM-Series with Panorama"

2843
Created On 02/07/19 23:38 PM - Last Updated 02/07/19 23:38 PM
Resolution

Issue

When attempting to deploy the VM-Series firewall using Panorama 6.0 or 6.1 and NSX Manager version 6.1, the  “no service profile found” error displays in the Service Composer > Security Policy > Network Introspection Services tab:

sc_1.png

 

Cause

This error displays because NSX Manager 6.1 requires an additional attribute to complete the registration process for the Next Generation Firewall Service.

 

Resolution

To fix this error, you will need to use the XML API to first find the Service ID for the Palo Alto Networks NGFW service and then register the missing attributes to this service.

  1. Install a REST client in your browser.
  2. Use the Authentication option in the REST client to enter the username and password for the NSX Manager.
  3. On the same tab or in a new tab in the REST client, set the request header as follows:
    Name: Content-Type;
    Value: application/xml
    sc_2.png
  4. To view the list of services deployed and the name and service ID for the Palo Alto NGFW Service, use the following API call:
    GET https://<nsx mgr ip>/api/2.0/si/services
    If you receive a 403 status code, it indicates that the login session has expired. Login to NSX Manager again and then check the Response Body (Highlight) tab and search for “Palo”.
    sc_3.png
  5. Locate the service ID associated with the Palo Alto Networks NGFW.
    For example, in the response look for …<serviceId>service-13</serviceId> that precedes the <serviceName>Palo Alto Networks NGFW</serviceName>
  6. Use the following REST API call to provide the additional attribute to the NSX Manager:
    PUT https://<nsx mgr ip>/api/2.0/si/service/service-13/functionalities
    Body:  <set><string>FIREWALL</string></set>
               <set><string>IDS_IPS</string></set>
    sc_4.png
  7. On the NSX Manager, Service Composer > Security Policy > Network Introspection Services tab, verify that the Palo Alto NFGW Service is registered with the IDS IPS, and Firewall attributes, as shown below.
    sc_5.png

owner: mvaidyanathan



Attachments
Actions
  • Print
  • Copy Link

    https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000Cm2iCAC&refURL=http%3A%2F%2Fknowledgebase.paloaltonetworks.com%2FKCSArticleDetail

Attachments
Choose Language