
Device Certificate - Where to find OTP?


L4 Transporter

Under Device -> Setup -> Management -> Device Certificate, I am unable to fetch the device certificate.

 

A message box says get your one-time-password from the Customer Support Portal and enter it below.  I tried my 2-factor OTP that I use to log in to the support portal, but that doesn't work.  How do I generate the OTP to get the device certificate?

 

I get the error: Failed to fetch device certificate.OTP is not valid


Accepted Solutions

L1 Bithead

There is an option to generate OTPs for registered devices in the Customer Support Portal.

Assets -> Device Certificates


23 REPLIES 23

L1 Bithead

Same here after Panorama upgrade 9.1.1 -> 9.1.2.

Mine occurred after downloading renewed yearly subscriptions, or perhaps just the first time I noticed it.  I am on 9.0.8.

Running 9.1.2. Anyone know where to get the OTP? 

Not yet. I have a case running with our support partner about this.

L1 Bithead

There is an option to generate OTPs for registered devices in the Customer Support Portal.

Assets -> Device Certificates

Thanks. duh.. I should have seen that.

Thanks. 

Indeed, should've seen it...

 

Anyhow, my issue is fixed. 

Thank you!

Thanks, I did this and the new cert is good for 3 months.

Why is this necessary? I've never had the issue before v9.1.2.

Am I going to have to do this every 3 months from now on?

 

The option to provide a Device Certificate appears in a new section on the Device > Setup > Management page.

 

This option is part of an enhancement to the telemetry system and will be documented in the next major release of the software. As of today (2020 June 17), you need to be part of the 9.2 beta program to find this documented in the "New Features Guide". Since the feature does appear in the already released 9.1.2, I want to explain what it is here. 

 

By default, all telemetry data is collected and stored locally on your device for a limited period of time. Going forward, this data cannot be shared with Palo Alto Networks unless your organization has a Cortex Data Lake license or a device certificate is configured for your firewall. 

 

So, why suddenly is there a Device Certificate option in PAN-OS 9.1.2? Ans: To support connections back to Palo Alto Networks to transfer telemetry data to the Data Lake.

 

Is a Device Certificate required? Will the operation of my firewall change if I do not supply one? Ans: The Device Certificate is required only to send telemetry data and if you are not already running Panorama and sending logs to the Cortex Data Lake. 

 

Telemetry options are configured on the Device > Setup > Telemetry page.

 

Hope this helps!

-dgn.

Thanks for the heads-up.

@dgnewell 

 

Thank you for the explanation.

 

Are there any ramifications when we enter OTP into the configuration page (eg, will we have to reboot the FW / will there be any downtime, etc)?

 

 

I didn't have any issues when I updated this.

After you enter the OTP, the task may take a minute or two to complete. You can/should monitor it in the Task Manager (click Tasks in the bottom right of the web interface). Download and installation of the certificate does not even require a commit. You should see no interruption of services or data flow. 
