How to disable ztp on a ztp firewall
160334
Created On 03/05/21 19:19 PM - Last Modified 06/14/23 22:13 PM
Objective
To properly disable ZTP on a ZTP enabled firewall.
Environment
- Palo Alto Firewall
- PAN-OS 9.1 and above
- ZTP (Zero Touch Provisioning).
Procedure
- Access ztp firewall via console then run the disable command based on your Device Model
- For PA-220-ZTP, PA-220R-ZTP, PA-800-ZTP, PA-850-ZTP, PA-3220-ZTP, PA-3250-ZTP, and PA-3260-ZTP only
-
> request disable-ztp
- For PA-5400, PA-400, PA-410, PA-1400, and PA-3400 only.
-
> set system ztp disable
- Configure the management interface and default gateway:
> configure # set deviceconfig system ip-address <ip address> netmask <netmask> default-gateway <default gateway> dns-setting servers primary <DNS ip address> # commit
- Issue the following commands:
> set system setting template enable > set system setting template disable > set system setting shared-policy enable > set system setting shared-policy disable
- Access your FW User Interface and configure a network interface a dataplane default-gateway and a zone tied up to that interface.
- From CLI perform a commit force.
# commit force
Additional Information
Use the CLI for ZTP Tasks