Firewall shows disconnected from Panorama after upgrade to 10.1.5-h1

cancel
Showing results for 
Search instead for 
Did you mean: 
Palo Alto Networks Approved
Palo Alto Networks Approved
Community Expert Verified
Community Expert Verified

Firewall shows disconnected from Panorama after upgrade to 10.1.5-h1

L2 Linker

Just upgraded one of my standby firewalls from 10.1.5 to 10.1.5-h1 for the OpenSSL vulnerability and after the install and reboot it shows disconnected in Panorama (also confirmed via the cli show panorama-status).  My Panorama has already been running 10.1.5-h1 for the last week or so with no issues.   I have opened a P1 support case but haven't heard anything yet and imagine it will be hours or days so hoping someone here has run into this?  

1 ACCEPTED SOLUTION

Accepted Solutions

Cyber Elite
Cyber Elite

Try this:

  1. Generate a new auth key on panorama
  2. Enter this command on the firewall "request sc3 reset"
  3. Restart the management server process with "debug software restart process management-server"
  4. Log in to the firewall again and enter "request authkey set " followed by the auth key you generated on panorama
  5. Enter config mode on the firewall and do a commit force

View solution in original post

4 REPLIES 4

Cyber Elite
Cyber Elite

Try this:

  1. Generate a new auth key on panorama
  2. Enter this command on the firewall "request sc3 reset"
  3. Restart the management server process with "debug software restart process management-server"
  4. Log in to the firewall again and enter "request authkey set " followed by the auth key you generated on panorama
  5. Enter config mode on the firewall and do a commit force

L2 Linker

You are amazing!  Thank you so much.  Support had absolutely no clue how to fix this!

Huge thank you mate! Had the same problem after upgrading to 10.1.5-h2 from 10.0.8. Been fighting for hours with it before I was about to go to TAC but your fix worked perfectly. 

Do you have to generate a new auth key on panorama for each FW? This process does not work if the FW Device Groups and Templates is control by PAN.

Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!