Accessing A New Palo Alto Firewall In The GCP

Showing results for 
Show  only  | Search instead for 
Did you mean: 

Accessing A New Palo Alto Firewall In The GCP

L1 Bithead



We have a virtual Palo Alto firewall (BYOL) in the GCP and were able to change password using the initial access and the ppk file.

We provisioned one more VM firewall in same GCP setup, however this time we are unable to recreate the steps we had done earlier


After the instance is provisioned we have configured ssh key in GCP and from our machine using this command to access new firewall.


ssh -i file.ppk admin@Public IP


It is accepting a key and then it goes ahead and asks for the admin password which should not be the case.


This is not working and I am wondering where we are going wrong?


We tried deleting the firewall instance and re provisioned multiple time, but no luck, getting same error.


From PAN-OS® Release Notes 8.1. I found issue ID PAN-100686 which says that ‘An invalid public key is intermittently applied to the administrator account when deploying a VM-Series firewall in Google Cloud using the Google web interface.’


We are not sure if we are hitting this.


Any comments?

1 accepted solution

Accepted Solutions

L1 Bithead

Issue has been resolved by re-configuring GCP native firewall.


View solution in original post


Community Team Member

Hi @kgsd2019 ,


To get confirmation on wether or not you're hitting a existing bug I'm afraid you'll need to reach out to support.


Maybe anyone else can shed some light here ?




LIVEcommunity team member, CISSP
Please help out other users and “Accept as Solution” if a post helps solve your problem !

Read more about how and why to accept solutions.

Thanks Kiwi for your prompt reply.

I am going to check with support for bug however just want to check with community if anyone else facing the same issue in GCP setup.


L1 Bithead

Issue has been resolved by re-configuring GCP native firewall.


What was the rule name in GCP native firewall? Was it one of those implied rules? We're having exactly the same problem.

L1 Bithead

the GCP integration is really stupid.  Why U can't just change the management password via console as the first step or have the script use a forced admin password change would be easy and get you up and running quick. This is horrible and slow. 

Without details it should not be considered resolved.

L1 Bithead

This problem is not resolved. It should also be noted It is stupid to not have GCP also set the Admin password. 

  • 1 accepted solution
  • 7 replies
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!