Unable to bootstrap cloud PA-VM and add it to cloud panorama

Unable to bootstrap cloud PA-VM and add it to cloud panorama

10608
Created On 01/06/20 14:58 PM - Last Modified 12/03/24 03:05 AM


Symptom


  • Unable to bootstrap cloud PA-VM and add it to cloud panorama.

Environment


  • VM-series platform: Cloud PA-VMs
  • PAN-OS version: all
  • Plugin version: all

Cause


VM needs outbound internet access to access updates.paloaltonetworks.com in order to fetch the license.

Resolution


  1. Ensure the VM has outbound access to the internet. It should be able to contact Palo Alto Networks license server over https for bootstrap process to activate the auth code. Make sure that inbound access to the management interface is still restricted per best practices.
  2. If the VM's management networks has to be in private subnets for security reason, there needs to be an orchestration server to run a script to fetch CPUID UUID of new VM, register them on support and GET/PUT license keys to install them on firewall.  Examples can be found in the documentation.

NOTE:
We cannot use panorama to activate support license for firewall. Refer Manage Licenses on Firewalls Using Panorama.
Other users also viewed:
Actions
  • Print
  • Copy Link

    https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000PO4tCAG&lang=en_US&refURL=http%3A%2F%2Fknowledgebase.paloaltonetworks.com%2FKCSArticleDetail

Choose Language