PA-450 License Issue

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements
Please sign in to see details of an important advisory in our Customer Advisories area.

PA-450 License Issue

L4 Transporter

Hi Team,

Is there any known issues with the License Tab in PA-450 as our new firewall is not showing anything on the license TAB. I have added the devcie in the support portal but to fetch the license i am not able to see anything in the tab. I upgraded the device from 10.1.0 to 10.1.8 just to check if it helps but no use.

Regards,

Sanjay S

9 REPLIES 9

L4 Transporter

Hello @Sanjay_Ramaiah , good evening

 

Make sure that through the MGT interface your Firewall has access to the Internet, you can test from CLI/SSH ping host updates.paloaltonetworks.com. Make sure it responds and resolves.

Make sure you have set the DNS so that the firewall can resolve the addresses.

 

Once you have validated these two points, re-apply a Retrieve Lincense, in the licensing section.

 

Regards

High Sticker

Thank you Metgatz for the quick response.

I think i found the issue. It looks to be permissions issue. The user created is Devcie Administrator and this is the only user account 😞 . I am now not able to create a new administrator with Superuser access. 

Is there anyway i can create the superuser access for this now? 

You must have superuser privileges to create an administrative user with superuser privileges

High Sticker

Looks like there is only one user now and that too with the Device Administrator permissions 😞

Is it possible to push it via Panorama?

Yes, if you have superuser in PANORAMA, you can create a push a SuperUser on the target device.

And what happened to the default admin of the firewall ? and that account, what happened to it ? was it renamed or deleted for security reasons ?

Regards

High Sticker

L4 Transporter

Unfortunately to add to Panorama also i need SuperUser access. This was taken from the box and one of our team members set the basic config and gave me the access. Not sure what all has been done. Will check on that. If not can we do Factory reset at least from the Device Administrator account?

What ? You also don't have a Panorama superuser?

 

If you have superuser access with PANORAMA, then don't push from the template, but rather switch context, from Panorama, and select the firewall, it's as if you were standing directly on the firewall and you already create the user superuser.

 

Panorama Context Switch


https://docs.paloaltonetworks.com/panorama/9-1/panorama-admin/panorama-overview/centralized-firewall...

 

Now if this does not work, then take a backup, snapshot of the configuration, so that after the hard reset or the factory reset you can import that backup, but make sure to check the Administrator section and see and/or generate a superuser, so that Don't have problems and/or some other lastresort superuser account.

Now for the reset you must restart the equipment and follow these steps:

 

https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000CldXCAS

 

The other option, if you previously had the user, or the password, in some other backup, that is, before deleting or changing the password, you could also eventually load that config.

 

https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClkxCAC

 

But if nothing works anymore, then it only remains to restore.

 

 

Cheers

High Sticker

Hi Metgatz,

Problem is this is very new firewall and i am configuring it now. There is no connectivity to Panorama to this device yet. So to setup the connectivity to Panorama it is asking for the SuperUser permissions 😞

I think 2nd option suggested would be much better. But again while importing the Snapshot will not have impact on the Administrators in the Snapshot?

Hello @Sanjay_Ramaiah 

Well, with the backup, with the snapshot of the Firewall config ( remember export snapshot backup to your laptop/PC ), once you do the factory reset import and load the snapshot and look at the Device Administrator section, as you will be with the "admin" default super user, you make sure to create a backup superuser and to check that the admin does not disappear. And any other user/accounts that you have in the firewall or have created, will be in the snapshot.

 

Cheers

High Sticker
  • 1718 Views
  • 9 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!