Unable to access web console via HTTP or HTTPS. Access via SSH is possible.
This could be due to the absence of the Web GUI certificate. Since SSH access is possible, a new certificate can be created from the CLI. The following command will generate a certificate named webuicertdemo with a FQDN of panlab.com:
> request certificate generate certificate-name webuicertdemo name panlab.com
To make use of this certificate for Web-UI purpose, enter the following command:
> configure # set deviceconfig system web-server-certificate webuicertdemo # commit # exit
Starting from PAN-OS 7.0 the procedure is slightly different:
> request certificate generate ca yes certificate-name <cert name> name <IP or FQDN> algorithm RSA rsa-nbits 2048
> configure # set shared ssl-tls-service-profile <profile name> certificate <cert name> protocol-settings min-version tls1-0 max-version tls1-2 # set deviceconfig system ssl-tls-service-profile <profile name> # commit # exit