04-19-2022 05:12 PM
Just upgraded one of my standby firewalls from 10.1.5 to 10.1.5-h1 for the OpenSSL vulnerability and after the install and reboot it shows disconnected in Panorama (also confirmed via the cli show panorama-status). My Panorama has already been running 10.1.5-h1 for the last week or so with no issues. I have opened a P1 support case but haven't heard anything yet and imagine it will be hours or days so hoping someone here has run into this?
04-19-2022 10:55 PM
Try this:
04-19-2022 10:55 PM
Try this:
04-20-2022 06:58 AM
You are amazing! Thank you so much. Support had absolutely no clue how to fix this!
05-14-2022 04:33 AM
Huge thank you mate! Had the same problem after upgrading to 10.1.5-h2 from 10.0.8. Been fighting for hours with it before I was about to go to TAC but your fix worked perfectly.
05-24-2022 08:39 AM
Do you have to generate a new auth key on panorama for each FW? This process does not work if the FW Device Groups and Templates is control by PAN.
08-24-2022 02:59 PM
CHECK if Palo-HA pair are no longer connected because of an empty “auth-key”?
Panorama → Managed Devices → Summary
<<Check Certification Column (Should have “pre-defined”) >>
(1) –GENERATE-- OR --COPY-- <panorama-auth-key>
Panorama → Device Registration Auth Key
(2) Use Tools and SSH into Firewall :
(a) Start Stopwatch OR Use “paping” tool
https-tcp-ping “paping -p 443 <ip-address-of firewall>”
(c) SSH into Firewall2 : (putty, openssh)
(I) type command “request sc3 reset” (this resets it and gets ready for new auth-code)
(II) type command “debug software restart process management-server”
<< MGT WEB GUI & YOUR SSH connection will be KILLED >>
<< Wait 5 -10 Minutes OR watch paping tool >>
(d) SSH BACK into Firewall :
(I) type command “request authkey set <auth-code-from-step(1)>”
(II) Goto Config Mode type command “configure”
<< Wait 2-3 Min for services to be ready for commit >>
(III) type command “commit forced”
<< Check Output for Errors, Once Done Then >>
(IV) type “exit” press <enter>
(V) type “exit” press <enter>
<< Redo Step (2) with the second firewall in the HA Pair >>
(3) Re-Sync Firewall Data after Panorama shows “connected” in
Panorama → Managed Devices → Summary
(a) Push a config ONLY TO SPECIFIC firewalls to re-synced:
(I) Click → Commit → Push to Devices
(II) Click → Edit Selections
(III) Once on scope selection menu UN-CHECK all other Firewalls
(IV) Click “OK”
02-16-2024 10:27 AM
I have the same problem after upgrading the firewall from 10.1.12 to 10.2.8. I try the procedures above, but no effect , the firewall still show as disconnected from panorama (v. 10.1.9.
05-15-2024 02:25 PM
Edney , Any solution after upgrading one version 10.2.8
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
