- Access exclusive content
- Connect with peers
- Share your expertise
- Find support resources
Enhanced Security Measures in Place: To ensure a safer experience, we’ve implemented additional, temporary security measures for all users.
08-03-2023 06:42 AM
PA-5220 came with PANOS 9.1 but the customer runs 8.1 on older Panorama gear. After downgrading PANOS they were setup and run successfully. The PA-5220 was reset to factory default for being deployed in a new location. After reboot waited 24 hours and still cannot log in with default admin account.
Booted in to maintenance mode and found the image is still 8.1.24 but there is no valid configuration file found. Not sure if that is why the admin account does not work.
Have tried multiple resets on the PA-5220 but still the same results. This is repeatable as I found another PA-5220 with the same configuration that was reset and also the admin account does not work. Wondering if it is a bug as result of the downgrade. I need away to log into these boxes any help would be greatly appreciated.
Thanks
08-04-2023 12:29 PM
So through digging and searching on the KB I found and article that supplied the advanced option password for maint mode. Once in there I was able to revert PANOS to 9.0.4 which is the version that came on the box. Once I rebooted into PANOS 9.0.4 the default username/password worked.
Thank you both for your suggestions and time with this issue.
08-03-2023 07:16 AM
Hello VerizonNSE,
There is a customer advisory about PA-5200 Series firewalls which could explain you issue.
Olivier
PCSNE - CISSP
Best Effort contributor
Check out our PANCast Channel
Disclaimer : All messages are my personal ones and do not represent my company's view in any way.
08-03-2023 07:54 AM
Hi @VerizonNSE ,
What does the login prompt say?
Thanks,
Tom
08-03-2023 08:09 AM
The prompt says PA-5220 Login:
Type default admin / admin
Then says Login incorrect
changes to login:
08-03-2023 08:44 AM
Thank you, sir.
Just verifying you were not at one of the earlier prompts. https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000CloQCAS
You said that you waited 24 hours. So, I should have known.
Hi @ozheng ,
Can you share the URL for the customer advisory? What is the solution? Open a support case? Does he need to RMA the device?
Thanks,
Tom
08-03-2023 07:17 PM - edited 08-03-2023 07:20 PM
Hello TomYoung,
- Access restricted -
If it is due to the issue documented in the customer advisory, RMA will not help.
As per the customer advisory, open a case if you have any question.
Olivier
PCSNE - CISSP
Best Effort contributor
Check out our PANCast Channel
Disclaimer : All messages are my personal ones and do not represent my company's view in any way.
08-04-2023 04:09 AM
Hi @ozheng ,
That is really good information! Thank you!
I have seen some of your other posts on this community, and they are good. Including the URL and adding more detail in your 1st post would have been very helpful.
@VerizonNSE - So, it looks like your options are to upgrade back to 9.1 (>= 9.1.15-h1) from Maintenance Mode or open a TAC case. Now that I think of it, even this link says that the PA-5200 Series does not support PAN-OS 8.1 -> https://docs.paloaltonetworks.com/compatibility-matrix/supported-os-releases-by-model/palo-alto-netw....
Thanks,
Tom
08-04-2023 04:47 AM
I do not believe that is the issue here. These boxes were deployed before 10/2022 and the serial numbers of these boxes are not in effected range.
The PA-5220 runs fine with PANOS 8.1 as these were deployed with that version and ran fine for a year or more. I suspect the matrix shows it is not supported because it is dated July 2023 and 8.1 went EOL in May and with the advisory any new box should not run that version.
Thank you for your suggestions
08-04-2023 06:29 AM
Hi @VerizonNSE ,
Good point! So, it was fine with 8.1.
Well, you can't login, and PAN-OS 8.1 is EoL now. TAC may not help. I would use maintenance mode to load the previous 9.1 PAN-OS version and see if you can login then unless you want to RMA the devices or something else.
https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000Cm9zCAC
Thanks,
Tom
08-04-2023 06:35 AM
Yeah tried that already but the only image on the box is the 8.1 image. Not sure what happened to these boxes but they are not in good shape right now.
08-04-2023 12:29 PM
So through digging and searching on the KB I found and article that supplied the advanced option password for maint mode. Once in there I was able to revert PANOS to 9.0.4 which is the version that came on the box. Once I rebooted into PANOS 9.0.4 the default username/password worked.
Thank you both for your suggestions and time with this issue.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!