How to resolve errors when migrating from Panorama mode to Management-only mode
8058
Created On 07/12/22 05:05 AM - Last Modified 02/18/23 05:16 AM
Objective
The article provides resolution for 2 different errors seen when when migrating from Panorama mode to Management-only mode
Environment
- Any Panorama.
- PAN-OS 9.1 and above.
- Migration from panorama mode to management mode.
Procedure
Following are the two errors one may face when trying to migrate Panorama to management-only mode.
- Error due to few devices not part of collector groups.
- All the Firewalls must be part of the collector-group.
- Note: If the firewalls are not a part of collector group, then the firewalls will keep forwarding the logs to Panorama and Panorama will discard these logs due to it being in management-only mode. For this reason all firewalls must be a part of collector group.
admin@Panorama> request system system-mode management-only
Executing this command will change the system to management-only mode, logs will be removed. This will restart the system. Are you sure you want to continue? (y or n)
Server error : Failed to change to management-only mode.
cannot switch to management-only mode; all devices must be included in log-collector-group(s).
For resolving the above error refer to "Error when switching mode from Panorama to management-only"
- Need to uninstall plugins before mode change.
admin@Panorama> request system system-mode management-only
Executing this command will change the system to management-only mode, logs will be removed. This will restart the system. Are you sure you want to continue? (y or n)
Server error : Failed to change to management-only mode.
Plugins need to be uninstalled before system mode change
Resolution:
- Take a backup of the config before removing the config for the plugins and uninstalling the plugins.
- Once the system mode is changed, install the plugins and then restore the backed up config on the panorama.