Panorama Connectivity Issues to Prisma: OTP errors

Printer Friendly Page

Symptoms

While setting up Prisma Access, you run into the following issues:

  1. Panorama unable to connect to Prisma
  2. SSL Certificate Error when querying for logs
  3. Error while generating OTP
  4. Plugin not responding
  5. OTP Verification failure
  6. 'Failed to verify account. Failed to complete feature/license checks'

 

Diagnosis

Please make sure the ports and URLs below are whitelisted for Prisma communication.

NOTE: More info at Set Up Prisma Access

  • Port 444 (for Cortex Data Lake)
  • api.lc.prod.us.cs.paloaltonetworks.com (for Cortex Data Lake)
  • api.gpcloudservice.com (for Prisma Access)
  • api.paloaltonetworks.com (for Prisma Access)
  • apitrusted.paloaltonetworks.com (for Prisma Access)

 

Solution

 

  1. Delete all Prisma Access (GPCS) licenses existing on Panorama, using the following:
    admin@Panorama> delete license key <prisma_access_related_licenses>         License Types: GlobalProtect_Cloud_Service, GlobalProtect_Cloud_Service_for_Mobile_Users, GlobalProtect_Cloud_Service_for_Remote_Networks, Logging_Service
  2.  
  3. Delete the existing Panorama certificate
    request plugins cloud_services panorama-certificate delete
  4.  
  5. Fetch the licenses from the support site
    request license fetch
  6.  
  7. Reset cloud services endpoint
    debug plugins cloud_services reset-endpoint
  8.  
  9. Fetch the certificate
    request plugins cloud_services panorama-certificate fetch otp <OTP_KEY_FROM_SUPPORT_PORTAL>
  10.  
  11. Verify the OTP
    request plugins cloud_services logging-service status

 

For more information or further assistance, please Start a Topic in Prisma Access Discussions for help from the community.

Tags (4)
Ask Questions Get Answers Join the Live Community
Article Dashboard
Version history
Revision #:
6 of 6
Last update:
a month ago
Updated by:
 
Contributors