Bootstrapping is failing for PA-VM deployed in AWS
9273
Created On 03/18/20 13:45 PM - Last Modified 06/08/23 18:18 PM
Symptom
PA-VM is deployed in AWS EC2 using bootstrap process and upon boot up it fails to get config, license or any bootstrapping settings
- Log in to the firewall CLI and execute below CLI commands:
>show system bootstrap status
Bootstrap Phase Status Details
=============== ====== =======
Media Detection Failed No bootstrap media detected.
Bootstrap Phase Status Details
=============== ====== =======
Media Detection Failed No bootstrap media detected.
>debug logview component bts_details
s1mp bts_details 2020-01-21 09:23:01: INFO: Bootstrap log initialized
s1mp bts_details 2020-01-21 09:16:15: ERROR: btsErrorNoMedia: No Install media detected.(2)
s1mp bts_details 2020-01-21 09:16:15: DEBUG: Adding status: Media Detection Failed No bootstrap media detected.
s1mp bts_details 2020-01-21 09:16:15: DEBUG: Syslogging: /usr/local/bin/pan_elog -u 12 -e 201326619 -s critical -m "No bootstrap media detected." -x
s1mp bts_details 2020-01-21 09:23:01: INFO: Bootstrap log initialized
s1mp bts_details 2020-01-21 09:16:15: ERROR: btsErrorNoMedia: No Install media detected.(2)
s1mp bts_details 2020-01-21 09:16:15: DEBUG: Adding status: Media Detection Failed No bootstrap media detected.
s1mp bts_details 2020-01-21 09:16:15: DEBUG: Syslogging: /usr/local/bin/pan_elog -u 12 -e 201326619 -s critical -m "No bootstrap media detected." -x
- Above highlighted text in CLI output indicates firewall failed to detect media
Environment
- Platform: PA-VM
- PAN-OS / Plugin Version: 8.1.0 / -
- Deployment: AWS
Cause
- This can be encountered if the firewall instance is unable to reach/access S3 to pull any bootstrapping information possibly due to missing IAM role which is required to make necessary API calls to AWS environment.
Resolution
- Redeploy VM with correct IAM role for bootstrap to succeed.
- Below link provides more info on the IAM roles needed for this operation: