How To Re-Activate a running VM-Series device that was deactivated in the CSP.

How To Re-Activate a running VM-Series device that was deactivated in the CSP.

10864
Created On 05/10/24 19:15 PM - Last Modified 05/10/24 21:43 PM


Objective


To help go through the process of re-registering an existing VM-Series firewall what was deactivated in the CSP.

Environment


  • VM-Series Firewall
  • Activation

Procedure


NOTE: Recommended to perform this during a scheduled maintenance/outage window as there may
be an impact to your environment. 
  1. Verify/validate that the VM-Series device in question was in fact deactivated within the CSP. It
    will not appear in the list of assets / devices.
  2. Click View Devices
Software NGFW Devices
  1. Locate the FW Flex Credit Pool you want to use for the re-activation of the existing device. You may need to create a new deployment profile to match the existing device configuration (vCPU,Memory, Subscriptions)
Software NGFW Credits
  1. Create Deployment Profile
  2. Once the deployment profile is complete, Register the device
Register Firewall
  1. When entering the UUID and CPUID, use the UUID and CPUID currently shown on the deactivated but running device. This will create a new serial number and asset/device within the CSP.
UUID and CPUID
  1. Next, deactivate the local firewall device (This will require a reboot)
  2. Deactivating a VM removes all the licenses/entitlements and places the VM-Series firewall in an unlicensed state; the firewall will not have a serial number and can support only a minimal number of sessions. Because the configuration on the firewall is left intact, you can re-apply a set of licenses and restore complete functionality on the firewall, if needed.
Deactivate VM
  1. Once the firewall comes back up after the reboot, login. You should see that the configuration of the firewall is intact. The serial number on the device should now show unknown.
  2. Apply Licenses and finish the Registration of the VM-Series Device
  3. On the VM-Series Firewall, click DeviceLicenses on the left-hand menu, and click Retrieve License keys from license server
Retrieve license Key from license server
  1. Validate that the firewall now has valid licenses
  2. Verify that the VM-Series Firewall device reflects the serial number created in the device registration step.
  3. If your device was previously managed by Panorama, that device will need to be removed from
  4. Panorama as it will no longer be managed given the change of serial number.
  5. Follow the normal process of transitioning a firewall to Panorama Management .
 
 
 

Additional Information


 
 
Other users also viewed:
Actions
  • Print
  • Copy Link

    https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA14u0000010yxNCAQ&lang=en_US&refURL=http%3A%2F%2Fknowledgebase.paloaltonetworks.com%2FKCSArticleDetail

Choose Language