04-18-2022 10:28 AM
I used to think I knew how to do this stuff, but apparently not. This is an out of the box configuration of a PA440 -
I set the firewall to configure system in standard mode and use static addressing.
Initial config
set deviceconfig system ip-address 192.168.1.1
set deviceconfig system netmask 255.255.255.0
set deviceconfig system update-server updates.paloaltonetworks.com
set deviceconfig system update-schedule threats recurring weekly day-of-week wednesday
set deviceconfig system update-schedule threats recurring weekly at 01:02
set deviceconfig system update-schedule threats recurring weekly action download-only........
Set system to access remotely on my network
set deviceconfig system ip-address 10.x.z.200
set deviceconfig system netmask 255.255.255.0
After commit
set deviceconfig system ip-address 10.x.z.200
set deviceconfig system netmask 255.255.255.0
set deviceconfig system update-server updates.paloaltonetworks.com
set deviceconfig system update-schedule threats recurring weekly day-of-week wednesday
set deviceconfig system update-schedule threats recurring weekly at 01:02.......
Show system info
hostname: PA-440
ip-address: unknown
netmask: unknown
default-gateway:
ip-assignment: static
ipv6-address: unknown
ipv6-link-local-address: unknown
ipv6-default-gateway.......
admin@PA-440> show interface management
Server error : op command for client dagger timed out as client is not available
admin@PA-440> show interface
all Show all interface information
hardware Show all hardware interface information
logical Show all logical interface information
management Show management interface information
<value> <name> interface name
Thanks for the help in advance.
04-18-2022 07:52 PM
Hi,
This is the CLI config I send my customers:
admin/admin
set cli config-output-format set
configure
set deviceconfig system hostname HOSTNAME
set deviceconfig system type static
set deviceconfig system ip-address x.x.x.x
set deviceconfig system netmask 255.255.255.0
set deviceconfig system default-gateway x.x.x.x
set deviceconfig system dns-setting servers primary x.x.x.x
set deviceconfig system dns-setting servers secondary x.x.x.x
commit
exit
exit
Thanks,
Tom
04-19-2022 10:13 AM
Thank you for the reply - The management interface still isn't taking the address assignment. I am still getting:
ip-address: unknown
netmask: unknown
when I do show system info. The interface doesn't ping. I am at a loss.
Thx for the help.
04-19-2022 01:11 PM
Was the commit successful when you configured the IP address and other things? What PAN-OS version is installed on that box? Maybe a dumb question, but did you try to reboot the box already?
04-19-2022 02:49 PM
Maybe you didn't disable ZTP?
04-19-2022 03:56 PM
Good questions - the commit was successful - no errors. The OS is 10.1.0. Yes, the box has been rebooted and connected to a known good interface on the switch.
04-19-2022 03:57 PM
... but even with ZTP still enabled the command show system info should not show "unknown" for the IP information
04-19-2022 03:58 PM
Is there a command line to turn off ZTP? I told the device to use standard config when it was coming up.
04-19-2022 04:00 PM
After that, did you wait long enough (about 2-3 min) until you tried to configure the IP and started your commit?
04-19-2022 04:07 PM
Please do,
> request disable-ztp
to disable ztp.
To check status, run,
> show system info
and look for "zero-touch-provisioning"
04-19-2022 04:33 PM
Yes - I believe so - I waited until all the lights were green.
04-19-2022 05:03 PM
Is this bad?
admin@PA-Firewall> request disable-ztp
Server error : Not a supported operation on this platform
04-19-2022 10:35 PM
Yes, it is. I recommend you contact support by opening a TAC case.
04-20-2022 10:29 AM
admin@PA-Firewall> show system ztp status
Zero touch provisioning disabled by user
04-21-2022 02:13 PM
Did you name your firewall manually "PA-Firewall"?