How to disable ztp on a ztp firewall

How to disable ztp on a ztp firewall

117502
Created On 03/05/21 19:19 PM - Last Modified 06/14/23 22:13 PM


Objective


To properly disable ZTP on a ZTP enabled firewall.

Environment


  • Palo Alto Firewall
  • PAN-OS 9.1 and above
  • ZTP (Zero Touch Provisioning).

Procedure


  1. Access ztp firewall via console then run the disable command based on your Device Model
    1. For PA-220-ZTP, PA-220R-ZTP, PA-800-ZTP, PA-850-ZTP, PA-3220-ZTP, PA-3250-ZTP, and PA-3260-ZTP only
    2. > request disable-ztp
    3. For PA-5400, PA-400, PA-410, PA-1400, and PA-3400 only.
    4. > set system ztp disable
  2. Configure the management interface and default gateway:
> configure
# set deviceconfig system ip-address <ip address> netmask <netmask> default-gateway <default gateway> dns-setting servers primary <DNS ip address>
# commit
  1. Issue the following commands:
> set system setting template enable
> set system setting template disable
> set system setting shared-policy enable
> set system setting shared-policy disable
  1. Access your FW User Interface and configure a network interface a dataplane default-gateway and a zone tied up to that interface.
  2. From CLI perform a commit force.
# commit force

 

Additional Information


Use the CLI for ZTP Tasks
Other users also viewed:
Actions
  • Print
  • Copy Link

    https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA14u0000001UiOCAU&refURL=http%3A%2F%2Fknowledgebase.paloaltonetworks.com%2FKCSArticleDetail

Choose Language