Firewall commit fails from panorama push after deployment via software license plugin

Firewall commit fails from panorama push after deployment via software license plugin

3949

Created On 01/26/24 20:17 PM - Last Modified 01/26/24 20:17 PM

Panorama

VM-Series

Symptom

Firewall commit fails from panorama push after deployment via software license plugin

Environment

pa-vm bootstrapped via sw_fw_lic workflow
Panorama with software firewall license plugin

Cause

If we use sw_fw_lic workflow, we cannot have authcodes under /license or AV or content under /content in 10.1.x or lower
Committing policies will fail after panorama push due to AV and content not up-to-date

Resolution

Use 10.2.x for pan-os and panorama that has the feature to automatically push Dynamic updates at connecthttps://docs.paloaltonetworks.com/pan-os/10-2/pan-os-new-features/panorama-features/automatic-content-push-for-vm-series-and-cn-series-firewalls
.We can either manually update Dynamic Updates or create customer image that includes the AV and content
Create custom image that has the AV and content
https://docs.paloaltonetworks.com/vm-series/10-1/vm-series-deployment/set-up-the-vm-series-firewall-on-azure/create-a-custom-vm-series-image-for-azure