https://live.paloaltonetworks.com/t5/vm-series-in-the-public-cloud/not-able-to-set-the-pang-admin-account-password-after-enabling/m-p/1086291#M2323 <P>Hi <SPAN style="background: var(--ck-color-mention-background); color: var(--ck-color-mention-text);"><a href="https://live.paloaltonetworks.com/t5/user/viewprofilepage/user-id/1159140163">@gustheitguy</a></SPAN> ,</P> <P>&nbsp;</P> <P>I would recommend ssh via private key into the palo. Once ssh'd in , create a separate superuser and use that separate account for auth.&nbsp;</P> Thu, 16 Jan 2025 04:00:36 GMT JayGolf 2025-01-16T04:00:36Z https://live.paloaltonetworks.com/t5/vm-series-in-the-public-cloud/not-able-to-set-the-pang-admin-account-password-after-enabling/m-p/1016822#M2318 <P>Hello,</P> <P>When I set up my AWS PANG to FIPS-CC mode I am not able to set the admin account password. I tested the paloaltonetworks.panos.panos_admpwd module before enabling FIPS-CC and it works utilizing the priv key (RSA 4096). I successfully set up one firewall on FIPS-CC and set up the admin account password. My VM Mode Amazon AWS<BR />PANG Software Version is 10.1.14-h8. I get the following prompts via my ansible runbook:</P> <P>Enter Palo Alto admin username: <BR />Enter file path and name for key file: <BR />Enter Palo Alto IP address: <BR />Enter new password for admin account: </P> <P>It seems to work before enabling fips-cc mode.</P> <P>my ansible runbook pip file</P> <P>[[source]]<BR />url = "<A href="https://pypi.org/simple" target="_blank">https://pypi.org/simple</A>"<BR />verify_ssl = true<BR />name = "pypi"</P> <P>[packages]<BR />ansible-core = "*"<BR />bcrypt = "==4.0.1"<BR />boto3 = "==1.26.78"<BR />botocore = "==1.29.78"<BR />cffi = "==1.15.1"<BR />cryptography = "==39.0.1"<BR />jmespath = "==1.0.1"<BR />pan-os-python = "==1.11.0"<BR />pan-python = "==0.17.0"<BR />paramiko = "==2.12.0"<BR />pycparser = "==2.21"<BR />pynacl = "==1.5.0"<BR />python-dateutil = "==2.8.2"<BR />s3transfer = "==0.6.0"<BR />six = "==1.16.0"<BR />urllib3 = "==1.26.14"<BR />xmltodict = "==0.13.0"</P> <P>[dev-packages]<BR />ansible = "*"<BR />ansible-lint = "*"</P> <P>&nbsp;</P> <P>Any ideas on why this might not be working?</P> Sun, 12 Jan 2025 06:55:55 GMT https://live.paloaltonetworks.com/t5/vm-series-in-the-public-cloud/not-able-to-set-the-pang-admin-account-password-after-enabling/m-p/1016822#M2318 gustheitguy 2025-01-12T06:55:55Z https://live.paloaltonetworks.com/t5/vm-series-in-the-public-cloud/not-able-to-set-the-pang-admin-account-password-after-enabling/m-p/1017797#M2319 <P>Or maybe there is a FIPS Admin iD/password?</P> <P>My steps are the following,</P> <P><SPAN><SPAN class="col-s-10 col-xxs-12 linkifyWrapper--3jj-MXH70a">Build PANG PAYG firewall-&gt;set complex admin password-&gt;access web management with complex password-&gt;set up "debug system maintenace mode"-&gt;enable fips-cc via the AWS console -&gt; reboot firewall-&gt; attempt to log via web management with the admin account password-&gt; fail</SPAN></SPAN></P> Sun, 12 Jan 2025 08:25:23 GMT https://live.paloaltonetworks.com/t5/vm-series-in-the-public-cloud/not-able-to-set-the-pang-admin-account-password-after-enabling/m-p/1017797#M2319 gustheitguy 2025-01-12T08:25:23Z https://live.paloaltonetworks.com/t5/vm-series-in-the-public-cloud/not-able-to-set-the-pang-admin-account-password-after-enabling/m-p/1086291#M2323 <P>Hi <SPAN style="background: var(--ck-color-mention-background); color: var(--ck-color-mention-text);"><a href="https://live.paloaltonetworks.com/t5/user/viewprofilepage/user-id/1159140163">@gustheitguy</a></SPAN> ,</P> <P>&nbsp;</P> <P>I would recommend ssh via private key into the palo. Once ssh'd in , create a separate superuser and use that separate account for auth.&nbsp;</P> Thu, 16 Jan 2025 04:00:36 GMT https://live.paloaltonetworks.com/t5/vm-series-in-the-public-cloud/not-able-to-set-the-pang-admin-account-password-after-enabling/m-p/1086291#M2323 JayGolf 2025-01-16T04:00:36Z