After a recent update from 8.1.20 to 9.0.0, we are not able to access the Palo Alto web GUI (hmmm.. can't reach this page)
But we are able to ssh to the device though. We are updating the firmware to the latest version but now need to figure out how to bring up the web gui.
our device model is pa 3020
Hi @SIIX_Support ,
Most likely it is an issue with the certificate. https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000Cli0CAC. During the configuration conversion from 8.1 to 9.0, the cert or or SSL/TLS profile got corrupted.
Changing the certificate configuration and commiting should automatically restart the management plane. If it is not a cert issue, maybe the management plane needs to be bounced. https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClaGCAS
Please let us know if these steps fix the issue.
Sorry for the late response, we tried the suggested approach but we still unable to login via Gui.
We suspect the issue occurs when we upgrade to firmware from 8.1.20 to 9.0.0.
We just also noticed that even calling the software download or dynamic updates via cli are not functioning.
any other approach we can try?
Can we revert back to 8.1.20? will it there be a risk if we go to this path?
take note we can only access the PA firewall via site to site tunnel.
for your advice.
Hi @SIIX_Support ,
So you can access the GUI from the VPN tunnel? Then check your Monitor > Logs > Unified. Filter on destination IP address = NGFW management interface. See if the traffic is blocked by rule, threat, etc.
In addition to what @TomYoung already mentioned, have you verified that any service routes you have configured on the device were carried over if you're not able to download updates? Also take note that 9.0.0 itself had plenty of issues present, including several that directly addressed GUI issues specifically and an early bug in that code branch that had various issues with appweb that caused the interface to stop responding completely. I might try upgrading the device to 9.0.17 before attempting to downgrade to 8.1 again.
No we cannot access the GUI and only via SSH that we can access the remote firewall.
already performed the certificate approach https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000Cli0CAC. to no avail.
Have you checked the hard disk if it is full as this can cause such issues?
Also as suggested try to return to the old version and then upgrade to latest 9.0.x version.
This disk is still have enough space.
relating to reverting to the previous working Pan OS software, we found this link as the procedural approach:
Our question is, if we will be coming from ver 9.0 and reverting back to ver 8.1.20 what things we need consider since it will reverting back from a major software version?
Thanks for the advise.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!