Symptoms
While setting up Prisma Access, you run into the following issues:
- Panorama unable to connect to Prisma
- SSL Certificate Error when querying for logs
- Error while generating OTP
- Plugin not responding
- OTP Verification failure
- 'Failed to verify account. Failed to complete feature/license checks'
Diagnosis
Please make sure the ports and URLs below are whitelisted for Prisma communication.
NOTE: More info at Set Up Prisma Access
-
Port 444 (for Cortex Data Lake)
-
api.lc.prod.us.cs.paloaltonetworks.com (for Cortex Data Lake)
-
api.gpcloudservice.com (for Prisma Access)
-
api.paloaltonetworks.com (for Prisma Access)
-
apitrusted.paloaltonetworks.com (for Prisma Access)
Solution
- Delete all Prisma Access (GPCS) licenses existing on Panorama, using the following:
admin@Panorama> delete license key <prisma_access_related_licenses> License Types: GlobalProtect_Cloud_Service, GlobalProtect_Cloud_Service_for_Mobile_Users, GlobalProtect_Cloud_Service_for_Remote_Networks, Logging_Service
- Delete the existing Panorama certificate
request plugins cloud_services panorama-certificate delete
- Fetch the licenses from the support site
request license fetch
- Reset cloud services endpoint
debug plugins cloud_services reset-endpoint
- Fetch the certificate
request plugins cloud_services panorama-certificate fetch otp <OTP_KEY_FROM_SUPPORT_PORTAL>
- Verify the OTP
request plugins cloud_services logging-service status
For more information or further assistance, please Start a Topic in Prisma Access Discussions for help from the community.
