Strata Cloud Manager (SCM) New firewall Cannot start the Bootstrap with error: "Failed to get device information for device XXX with error Device XXX not found"

Strata Cloud Manager (SCM) New firewall Cannot start the Bootstrap with error: "Failed to get device information for device XXX with error Device XXX not found"

1209
Created On 08/12/25 05:10 AM - Last Modified 11/07/25 19:15 PM


Symptom


Bootstrap Status is Not started with details: "Failed to get device information for device XXX with error Device XXX not found"

error failed to get device information

Environment


Strata Cloud Manager (SCM)

Cause


The error is most likely due to a connectivity issue.

Resolution


Make sure the firewall has a valid device certificate

https://docs.paloaltonetworks.com/pan-os/11-1/pan-os-admin/certificate-management/obtain-certificates/device-certificate

 

Make sure the firewall is allowed to connect to the SCM.

  • TCP-3978 is the default port used to connect to the cloud and it is usually blocked.
  • TCP-443 can be used starting PAN-OS 11.2.

https://docs.paloaltonetworks.com/whats-new/new-features/may-2024/strata-cloud-manager-connectivity-using-port-tcp-443

 

 

tcp 443 or default port to access the cloud

 

CLI> expected output when it is working (Connected: Yes)

admin@firewall> show cloud-management-status

Managed by Cloud Management Service
    Endpoint     : 38460c6a-6cf0-4c97-a725-7e68005266c2.prod.sg.ngfw.cloudmgmt.paloaltonetworks.com
    Connected      : yes
    DNS:
       msg: Successfully resolved FQDN
       status: success
       timestamp: 2025/08/12 12:47:38
    TCP:
       msg: TCP channel established
       status: success
       timestamp: 2025/08/12 12:47:38
    SSL:
       msg: SSL channel established
       status: success
       timestamp: 2025/08/12 12:47:38

 

You can ping the "Endpoint" domain name to find out the destination IP address you need to allow and/or troubleshoot

admin@firewall> ping host 38460c6a-6cf0-4c97-a725-7e68005266c2.prod.sg.ngfw.cloudmgmt.paloaltonetworks.com
PING virtus.prod.sg.ngfw.cloudmgmt.paloaltonetworks.com (34.87.41.129) 56(84) bytes of data.
64 bytes from 129.41.87.34.bc.googleusercontent.com (34.87.41.129): icmp_seq=1 ttl=104 time=230 ms
64 bytes from 129.41.87.34.bc.googleusercontent.com (34.87.41.129): icmp_seq=2 ttl=104 time=231 ms
^C
--- virtus.prod.sg.ngfw.cloudmgmt.paloaltonetworks.com ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 1000ms
rtt min/avg/max/mdev = 230.066/230.329/230.593/0.547 ms
admin@firewall>

 

Also, make sure the SCM license or Activation Code is not expired.

Additional Information


  • TCP Ports and FQDNs Required for Strata Cloud Manager

https://docs.paloaltonetworks.com/ngfw/administration/onboard-devices-and-deployments/tcp-ports-and-fqdns-required-for-cloud-management
Other users also viewed:
Actions
  • Print
  • Copy Link

    https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA1Ki000000fy2dKAA&lang=en_US&refURL=http%3A%2F%2Fknowledgebase.paloaltonetworks.com%2FKCSArticleDetail