Bootstrapping is failing for PA-VM deployed in Azure because of internet issue
Created On 03/18/20 12:33 PM - Last Modified 04/06/20 17:21 PM
Symptom
The PA-VM is deployed in Azure through the bootstrapping process using the Bring Your Own License (BYOL) model, and the firewall instance fails to get its config, license or any bootstrapping settings.
- Log in to the CLI and execute the following two commands:
>show system bootstrap status
Bootstrap Phase    Status    Details
===============    ======    =======
Media Detection    Failed    No bootstrap media detected.
>debug logview component bts_details
s1mp bts_details 2020-02-13 14:23:31: INFO: Running command: status []
s1mp bts_details 2020-02-13 14:23:31: INFO: Bootstrap log initialized
s1mp bts_details 2020-02-13 14:12:12: ERROR: btsErrorNoMedia: No Install media detected.(2)
s1mp bts_details 2020-02-13 14:12:12: DEBUG: Adding status: Media Detection Failed No bootstrap media detected.
s1mp bts_details 2020-02-13 14:12:12: DEBUG: Syslogging: /usr/local/bin/pan_elog -u 12 -e201326619 -s critical -m "No bootstrap media detected." -x
s1mp bts_details 2020-02-13 14:12:12: ERROR: btsErrorNoMedia: No Install media detected.(2)
s1mp bts_details 2020-02-13 14:12:12: INFO: Failed to mount install media: 1 [] [] 4392
- The "Media Detection Failed" status and the btsErrorNoMedia errors in the CLI output above indicate that the firewall failed to detect bootstrap media.
Environment
- Platform: VM-Series Firewall
- PAN-OS / Plugin Version: 9.0.5 / -
- Deployment: Azure
Cause
- This can occur if the firewall VM is unable to reach the Azure File Share to pull its bootstrapping information, possibly because of a missing internet route, which is required to make the necessary API calls to the Azure Fabric.
Resolution
- Ensure management traffic is routed via the default "system route" that points to the Internet, and not through any of the dataplane interfaces of the firewall.
- If a UDR (user-defined route) is used, make sure a default route is configured and points to the correct next hop. To check or configure the UDR, click Resource Group > Route Table > Routes, then click the route.
- Associate a public IP with the private IP assigned to the management interface of the firewall instance.
- To check or configure the public IP, click Resource Group > eth0 > IP configuration, then click the IP.
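The routing checks above can also be scripted. This is an added example, not part of the original article or Palo Alto Networks tooling: it evaluates the management NIC's effective routes and reports where 0.0.0.0/0 actually goes. It assumes input shaped like the JSON printed by `az network nic show-effective-route-table`; the sample table, the addresses and the function name are constructed for illustration.

```python
import json

# Constructed sample, shaped like the JSON from
# `az network nic show-effective-route-table` for the management NIC (eth0).
# A UDR has overridden the system default route (state "Invalid").
SAMPLE = json.loads("""
{"value": [
  {"source": "Default", "state": "Active",  "addressPrefix": ["10.0.0.0/16"],
   "nextHopType": "VnetLocal", "nextHopIpAddress": []},
  {"source": "Default", "state": "Invalid", "addressPrefix": ["0.0.0.0/0"],
   "nextHopType": "Internet", "nextHopIpAddress": []},
  {"source": "User",    "state": "Active",  "addressPrefix": ["0.0.0.0/0"],
   "nextHopType": "VirtualAppliance", "nextHopIpAddress": ["10.0.1.4"]}
]}
""")


def check_mgmt_default_route(table, dataplane_ips):
    """Return (status, reason) for the active 0.0.0.0/0 route.

    status is "ok", "fail" or "review"; dataplane_ips is the set of private
    IPs assigned to the firewall's dataplane interfaces.
    """
    active = [r for r in table.get("value", [])
              if r.get("state") == "Active"
              and "0.0.0.0/0" in r.get("addressPrefix", [])]
    if not active:
        return "fail", "no active default route on the management subnet"
    route = active[0]
    hop_type = route.get("nextHopType")
    hops = route.get("nextHopIpAddress") or []
    if hop_type == "Internet":
        return "ok", f"default route ({route.get('source')}) points to Internet"
    if hop_type == "None":
        return "fail", "default route drops traffic (next hop type None)"
    via_dataplane = [ip for ip in hops if ip in dataplane_ips]
    if via_dataplane:
        return "fail", f"UDR sends management traffic to dataplane IP {via_dataplane[0]}"
    # Another next hop may be valid; it has to be confirmed by hand.
    return "review", f"default route uses {hop_type} {hops}; confirm it reaches the Internet"


if __name__ == "__main__":
    # 10.0.1.4 is a hypothetical dataplane (untrust) interface address.
    print(check_mgmt_default_route(SAMPLE, {"10.0.1.4"}))
```

A "review" result means the next hop is neither the Internet nor a known dataplane address, so the path to the Azure File Share still has to be confirmed manually.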