PA-440 Cannot load licenses/auth codes/key into device

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements
Please sign in to see details of an important advisory in our Customer Advisories area.
Palo Alto Networks Approved
Palo Alto Networks Approved
Community Expert Verified
Community Expert Verified

PA-440 Cannot load licenses/auth codes/key into device

L1 Bithead

My PA-440 will not Retrieve license keys from license server.  I made sure the server addy and DNS was set correctly.  I am not using the ZTP WAN port currently, while I have it in our lab.  I have 1/3 setup as outside facing to ISP and 1/4 setup as local LAN that I can access the internet, successfully on.  I have tried under License Management to retrieve license keys from server, activate auth codes and manually upload key.  Manually it said wrong file format, I downloaded the key files from my portal.  Retrieve and activate fetch failed.  This is my first rodeo, never setup a 440 before, so any help would be greatly appreciated.

 

Thank you all!

Jason Lambert
3 REPLIES 3

Cyber Elite
Cyber Elite

Hello,

By default, the PAN will use the management interface to attempt to grab the licenses so the management interface should be plugged in to a switch or port on the PAN Alternatively, you can change the 'Service Route' to utilize a different interface. The 'use default' is the management interface. Also check to see if you have a NTP server setup. Then check the logs to see why/if the traffic is getting blocked.

OtakarKlier_0-1680644093011.png

 

Regards,

Hi Otakar,

  Thank you for your quick response.  Some background, his firewall is being setup in a lab environment in order to prove out IPsec tunnels to an ASA5512X firewall.  On the initial config the ZTP is disabled, and I have my ISP WAN connection to the firewall on port 1/3 with a static of 50.79.254.81.  I configured port 1/4 w/static IP 10.199.100.1 and I created a management profile call "TEST" and added it to the ethernet interface 1/4 so now I can manage and get out to internet from 1/4 on laptop with static of 10.199.100.5.  Nothing currently plugged into Management port on PAN.  I check my NTP server setup and looked ok, I tried to add a service route as you suggested but made no difference after the commit.  Even if I plug in my ISP with static IP to management port on PAN I cannot reach the Licenses servers for Palo.  The Management port has IP address of 10.99.1.2 and gateway of 10.99.1.1.  Here are some pic's to show current config.  Any suggestions on why I it will not reach out to Palo servers would be greatly appreciated.

Ethernet.PNGInterface Managment.PNGManagment Interface.PNGServices.PNG

Jason Lambert

Cyber Elite
Cyber Elite

Hello,

I would not advise to hook the ISP into the management port, but understand the process. I would connect your ISP like you have it into port 1/3 then change the 'service routes' to use interface 1/3. Create security policies to allow the 1/3 interface/zone to go out to the internet and browse. Make sure you have logging enabled at session end on all security policies.

Regards,

  • 1555 Views
  • 3 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!