05-24-2022 12:11 AM - edited 05-24-2022 12:14 AM
After tried to delete AWS account inside CloudNGFW portal, Now status is "deleting" for 4 hours already
Is it take so long time?
I can not add a new account, It seem support onboard only 1 account
05-31-2022 10:53 AM
This was caused by creating a firewall in the account and then using the same account to onboard to FMS with that original firewall still existing. There is an enhancement that allows users to work on both FMS and nonFMS use cases so that users can keep resources created when just onboarded as nonFMS users, then later onboard FMS and create resources by FMS policy, we will allow both to exist and operate at the same time.
Edison K Benny
Product specialist
Palo Alto Networks
https://live.paloaltonetworks.com/t5/cloud-ngfw-help-center/ct-p/Cloud_NGFW
*Don’t forget to accept the solution provided!*
05-24-2022 09:01 AM
Did you try deleting the CFT template in your AWS account that you ran for IAM permissions?
05-24-2022 08:36 PM
Yes!, After waiting for many hours, Then deleted CFT 😂
05-24-2022 11:02 PM
So is the status still showing deleting?
05-31-2022 10:53 AM
This was caused by creating a firewall in the account and then using the same account to onboard to FMS with that original firewall still existing. There is an enhancement that allows users to work on both FMS and nonFMS use cases so that users can keep resources created when just onboarded as nonFMS users, then later onboard FMS and create resources by FMS policy, we will allow both to exist and operate at the same time.
Edison K Benny
Product specialist
Palo Alto Networks
https://live.paloaltonetworks.com/t5/cloud-ngfw-help-center/ct-p/Cloud_NGFW
*Don’t forget to accept the solution provided!*
06-13-2022 06:40 AM
I too have the same issue.
1. When you upgrade a standalone tenant account to an admin account for AWS FMS onboarding, deleting the NGFW resource goes for a whack.
2. After waiting for an hour, i ended up deleting the stackset and the endpoint from my account thinking i need to clean up my account before the ngfw firewall resource will be cleaned up.
3. I even revoked the admin access for my AWS account to make sure everything is clean from my side and then upgraded my account to administrator account again to try set things right. But no luck!
4. The one thing that i noticed is that if i get to the "Firewall Settings" page, i get an error "Account XXXX does not exist as a member".
5. I cannot add another AWS account now since the account is already onboarded (and i get a prompt popup mentioning the same)
Somewhere, a disconnect/access permission issue makes it harder for the ngfw resources to get stuck in deleting state.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
