- Access exclusive content
- Connect with peers
- Share your expertise
- Find support resources
Enhanced Security Measures in Place: To ensure a safer experience, we’ve implemented additional, temporary security measures for all users.
01-02-2020 02:37 AM
Techs,
I am building a OSS device in parallel to the production one. While uploading the Apps and Threat DB manually I was getting a license error. Hence I tried to install the Apps and Threat license I am getting the error "Error installing license key. Please check if it is a valid key ". I have downloaded the key from paloalto portal itself, its a *.key file.
This device is not connected to the Internet.
How can I fix this license issue?
Regards,
Sabin
01-06-2020 11:38 PM
you can't put licences on an OSS device as it is designed to be 'swap in place and adopt licences from donor', you need to make sure you download the apps-only version of the content file, it will be named something like panupv2-all-apps-xxxx-xxxx
that will install flawlessly on the OSS and then you can go ahead with the PAN-OS upgrade
01-02-2020 04:24 AM
Hi @sabi4evr_com ,
You can keep your OSS uptodate as explained here :
https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000CltxCAC
As for licensing the OSS ... when the production device fails you'll have to transfer the licenses from the production device to the OSS :
https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClNMCA0
Hope it helps !
-Kiwi.
01-02-2020 04:34 AM
Hi Kiwi,
I was following the same link you have posted. Now the OSS PAN OS version is 8.0.0. As per the upgrade path I have to flash this with PanOS_3000-8.0.0. While flashing it gives me the error related to 'required a content version of 769 or greater and found 695-42002'.
Hence I have downloaded the 'dynamic updates' from the portal named 'panupv2-all-contents-8214-5792'. But while installing the contents its giving me the error code 'no valid threat prevention license'.
To fix this error, I am trying to install the licenses that I downloaded from portal in *.key format. But resulting in the subject error.
Note: This is a new OSS device, and currently its not connected to the Internet. I am trying to make the OSS PAN OS Version as similar to the production one so that I can import and export other settings from live to OSS.
Thanks,
Sabin
01-06-2020 09:02 PM
I have tried inputting authorization code as well instead of uploading the license file. Getting error "Failed to fetch licenses.
Gents, any help would be much appreciated. Thanks in advance.
01-06-2020 11:38 PM
you can't put licences on an OSS device as it is designed to be 'swap in place and adopt licences from donor', you need to make sure you download the apps-only version of the content file, it will be named something like panupv2-all-apps-xxxx-xxxx
that will install flawlessly on the OSS and then you can go ahead with the PAN-OS upgrade
01-12-2020 03:40 AM
hi @reaper
A big thank you.
I followed your advice, finally I flashed the OSS properly and is version is now parallel to the production.
01-12-2020 03:47 AM
hi @reaper
Just to make sure I am correct. So, during the failure of the production unit I have to import the latest 'Import named configuration snapshot' available to the OSS unit and activate the licenses.. Correct?
Once the snapshot is imported to OSS, will the OSS unit have all the policies, objects and network information as similar to the production one?
Is it advisable to flash import the 'Import named configuration snapshot' to OSS now? Will the OSS unit conflict with the production one?
01-12-2020 04:46 AM
@sabi4evr_com if you want the OSS to be a "hot" unit, you can already put a recent configuration onto it. You will need to disconnect its interfaces as it will else cause IP conflicts with your production
The usual procedure when your production firewall fails is to initiate a replacement from the support portal, this will transfer all your licenses to the OSS
Then, on the oss, fetch the licenses, initiate a content update and import and load your names config backup, then commit the change and hook up your device to the network/enable its interfaces (you could put all seitchports in "shut" until you need to do this, and un"shut" them)
01-19-2020 09:25 PM
thank you @reaper
Much appreciated for all the inputs.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!