How to reset secure communication between firewall and Panorama

Created On 08/18/22 08:15 AM - Last Modified 06/01/23 02:12 AM


Objective


Reset secure communication between a firewall and Panorama.

Environment


  • PAN-OS 10.1 and above 


Procedure


On Panorama

  1. From the CLI, run clear device-status deviceid <firewall-sn> (this command is hidden, so you have to type the whole syntax).
  2. Run the command request authkey add devtype <fw_or_lc> count <device_count> lifetime <key_lifetime> name <key_name> serial <device_SN>, or generate the key from the GUI (Panorama > Device Registration Auth Key).

On Firewall

  1. request sc3 reset
  2. debug software restart process management-server
  3. request authkey set <auth_key>

Note:

  • If the firewalls are in HA, the sync will happen and both firewalls will be connected. Sometimes, however, you have to perform the same steps on the passive firewall as well if it does not connect.
  • Please be patient; it takes a while for the firewalls to show Panorama as connected.
  • Make sure the auth key on Panorama includes the serial numbers of the firewalls. If not, generate a new auth key and specify the firewalls' serial numbers.
  • If the firewalls are still disconnected, check ms.log on the firewalls to get more information about the issue.


 



Additional Information


Authentication Key for Secure Onboarding
