Prisma Access Remote Networks Stuck at 98% provisioning & Status displays "error"

Prisma Access Remote Networks Stuck at 98% provisioning & Status displays "error"

3054
Created On 10/26/22 01:11 AM - Last Modified 10/04/23 22:42 PM


Symptom


  • After onboarding a new Remote Network via Panorama managed, the cloud services status page shows Remote Networks Provisioning Progress shows to be stuck at 98%
image.png
  • Remote Network Status shows error "The IPSec tunnel is down" (Hovering the mouse over error displays this information)
  • Network Details tab for Remote Networks shows BGP in an incorrect state and cannot fetch IPSec tunnel status
  • Commits still go through fine for the newly onboarded Remote Network
  • Newly onboarded Remote Network is still able to terminate an IPSec Tunnel
  • Newly onboarded Remote Network is still able to establish BGP
  • Querying getFWaaSOverviewStat returns same Provisioning Progress result as the GUI
image.png
 
 

Environment


  • Panorama-managed Prisma Access Firewalls
  • Remote Networks dataplane version10.0.8
  • Panorama PAN-OS 10.1 and above
  • Cloud Services Plugin 2.2 or higher

Cause


  • IPSEC tunnel within Remote Network Template is disabled and this disabled IPSec tunnel is configured on the newly onboarded Remote Network
GUI(panorama): Network > IPsec Tunnels > Select Remote_Network_Template
image.png

Resolution


  1. Delete the IPSec tunnel configuration that is disabled and commit and push.
  2. Once completed, create a new IPSec tunnel configuration that is not disabled followed by a  commit and push.
Other users also viewed:
Actions
  • Print
  • Copy Link

    https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA14u000000kEkfCAE&refURL=http%3A%2F%2Fknowledgebase.paloaltonetworks.com%2FKCSArticleDetail