Airgapped Firewall Licensing Quickplay

cancel
Showing results for 
Search instead for 
Did you mean: 
L1 Bithead
Did you find this article helpful? Yes No
No ratings

quickplay_solutions.png

 

Brief Description

When a VM-Series is not connected to the Internet (or is said to be air-gapped), licensing a VM-Series Palo Alto Networks firewall requires more steps than simply clicking the Activate feature using authorization code button. This Quickplay solution was created to simplify these additional steps.

 

Prerequisites

Playing this solution requires: 

  • An active and unused VM-series auth code
  • A Customer Support Portal API Key (found under Assets > API Key Management > Licensing API)
  • API access to the NGFW
  • Either, Ansible and the mrichardson03.panos collection installed 
  • Or, PanHandler installed (or other skillet-supported applications, such as SLI)

 

Solution Details

Documentation: https://gitlab.com/panw-gse/as/airgapped-license-workflow/-/blob/master/README.md

Github Location: https://gitlab.com/panw-gse/as/airgapped-license-workflow/-/tree/master

Github Branches: master

Type of Solution: Ansible playbook or docker skillet

Product Versions Supported: PAN-OS 9.0 and later

Collections: Deploy Tools

 

Full Description

The Quickplay solution is an Ansible playbook that simplifies the licensing process for NGFWs not connected to the Internet. The playbook completes these steps: 

  1. Grab the CPUID and UUID from the NGFW
  2. Activate the NGFW with the Licensing API
  3. Push the PA-VM license key and wait for a soft reboot
  4. Push all remaining received licensing keys to the NGFW

 

This Quickplay solution can also be run as a skillet inside of PanHandler or on the command line using the SLI python package. 

 

For details about running the solution as an Ansible playbook, please see the repo's README.

Rate this article: