How to reset secure communication between firewall and Panorama
Created On 08/18/22 08:15 AM - Last Modified 06/01/23 02:12 AM
Objective
Reset secure communication between firewall and Panorama
Environment
- PAN-OS 10.1 and above
Procedure
On Panorama
- From the CLI, run clear device-status deviceid <firewall-sn> (this command is hidden, so you have to type the whole syntax; it will not tab-complete).
- Run the command request authkey add devtype <fw_or_lc> count <device_count> lifetime <key_lifetime> name <key_name> serial <device_SN>, or create the key from the GUI (Panorama > Device Registration Auth Key).
On Firewall
- request sc3 reset
- debug software restart process management-server
- request authkey set <auth_key>
Note:
- If the firewalls are in HA, the sync will happen and both firewalls will be connected. Sometimes, however, you have to perform the same steps on the passive firewall as well if it does not connect.
- Please be patient; it takes a while for the firewalls to show Panorama as connected.
- Make sure the auth key on Panorama includes the serial numbers of the firewalls. If not, generate a new auth key and specify the firewalls' serial numbers.
- If the firewalls are still disconnected, check ms.log on the firewalls for more information about the issue.
Additional Information
Authentication Key for Secure Onboarding