12-21-2022 02:24 AM
Hello,
After a recent update from 8.1.20 to 9.0.0, we are not able to access the Palo Alto web GUI (hmmm.. can't reach this page)
But we are able to SSH to the device though. We are updating the firmware to the latest version but now need to figure out how to bring up the web GUI.
Our device model is PA-3020.
Any thoughts?
Thank you.
12-21-2022 05:39 AM
Hi @SIIX_Support ,
Most likely it is an issue with the certificate. https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000Cli0CAC. During the configuration conversion from 8.1 to 9.0, the cert or SSL/TLS profile got corrupted.
Changing the certificate configuration and committing should automatically restart the management plane. If it is not a cert issue, maybe the management plane needs to be bounced. https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClaGCAS
Please let us know if these steps fix the issue.
Thanks,
Tom
12-22-2022 11:26 AM
Hello,
Also try to connect with a different browser. Saved cookies and temp files could be preventing the page from rendering.
Regards,
03-18-2023 01:12 AM
Hello,
Sorry for the late response. We tried the suggested approach but we are still unable to log in via the GUI.
We suspect the issue occurs when we upgrade the firmware from 8.1.20 to 9.0.0.
We also just noticed that even calling the software download or dynamic updates via CLI is not functioning.
Any other approach we can try?
Can we revert back to 8.1.20? Will there be a risk if we go down this path?
Take note, we can only access the PA firewall via a site-to-site tunnel.
For your advice.
Thanks
03-18-2023 05:11 AM
Hi @SIIX_Support ,
So you can access the GUI from the VPN tunnel? Then check your Monitor > Logs > Unified. Filter on destination IP address = NGFW management interface. See if the traffic is blocked by rule, threat, etc.
Thanks,
Tom
03-18-2023 10:28 PM
In addition to what @TomYoung already mentioned, have you verified that any service routes you have configured on the device were carried over if you're not able to download updates? Also take note that 9.0.0 itself had plenty of issues present, including several that directly addressed GUI issues specifically and an early bug in that code branch that had various issues with appweb that caused the interface to stop responding completely. I might try upgrading the device to 9.0.17 before attempting to downgrade to 8.1 again.
03-19-2023 03:49 AM
Hi Tom,
No, we cannot access the GUI; we can access the remote firewall only via SSH.
We already performed the certificate approach (https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000Cli0CAC), to no avail.
03-19-2023 11:44 AM
Please open the TAC case.
Regards
Mahesh
03-22-2023 07:15 AM
Have you checked the hard disk if it is full as this can cause such issues?
Also as suggested try to return to the old version and then upgrade to latest 9.0.x version.
05-01-2023 02:25 AM
Hi,
The disk still has enough space.
Regarding reverting to the previous working PAN-OS software, we found this link as the procedural approach:
How to Revert PAN-OS to the last installed software using CLI. - Knowledge Base - Palo Alto Networks
Our question is, if we are coming from ver 9.0 and reverting back to ver 8.1.20, what things do we need to consider, since it will be reverting back from a major software version?
Thanks for the advice.
05-01-2023 02:36 AM
For some reason also, we noticed that after moving to ver 9.0, we couldn't download any dynamic update:
"Failed to check upgrade info due to generic communication error. Please check network connectivity and try again"
Any idea why this occurs?
Thanks
07-18-2023 08:00 AM
Do you have DNS configured on the PA?
Make sure the firewall can ping and resolve an FQDN, like:
ping host www.google.com
Regards