This topic provides important recommendations for Palo Alto Networks VNFs operating within Network Edge.
What To Do
-
Create a Palo Alto Networks HA cluster in the Equinix Portal for the supported sizes, OS version, and proper license.
-
Size – VM100, VM300, VM500, and VM700
-
OS version – 9.1.9
-
License – BYOL
-
-
After the cluster is successfully created, verify that the correct license is applied on both Active Node0 and Passive Node1 using the following command:
Copy% ssh <active-management-node-ip-address>Check the output of show system info to verify that the correct serial number is applied for the given size at vm-license.
Output from Active Node0:
cmpod14@POD9-PANPR-primary(active)> show system info
hostname: POD9-PANPR-primary
ip-address: 10.198.249.26
public-ip-address: unknown
netmask: 255.255.255.0
default-gateway: 10.198.249.1
ip-assignment: dhcp
ipv6-address: unknown
ipv6-link-local-address: fe80::f816:3eff:fe60:373/64
ipv6-default-gateway:
mac-address: fa:16:3e:60:03:73
time: Mon Jul 26 20:51:28 2021
uptime: 2 days, 23:13:16
family: vm
model: PA-VM
serial: 007054000175957
vm-mac-base: 7C:89:C1:C7:29:00
vm-mac-count: 256
vm-uuid: 15DE55B3-303A-46BA-88E3-8666E878AC2C
vm-cpuid: KVM:D2060300FFFB8B0F
vm-license: VM-100
vm-mode: KVM
cloud-mode: non-cloud
sw-version: 9.1.9
global-protect-client-package-version: 0.0.0
app-version: 8391-6609
app-release-date:
av-version: 0
av-release-date:
threat-version: 0
threat-release-date:
wf-private-version: 0
wf-private-release-date: unknown
url-db: paloaltonetworks
wildfire-version: 0
wildfire-release-date:
url-filtering-version: 0000.00.00.000
global-protect-datafile-version: unknown
global-protect-datafile-release-date: unknown
global-protect-clientless-vpn-version: 0
global-protect-clientless-vpn-release-date:
logdb-version: 9.1.22
vm_series: vm_series-2.0.6
platform-family: vm
vpn-disable-mode: off
multi-vsys: off
operational-mode: normal
device-certificate-status: None
When checking request license info make sure the license is not expired. The applied license is attached to the UUID of the device (Node0, Node1).
cmpod14@POD9-PANPR-primary(active)> request license info
Current PDT Date: July 25, 2021
License entry:
Feature: Threat Prevention
Description: Threat Prevention
Serial: 007054000175957
Issued: July 23, 2021
Expires: March 05, 2036
Expired?: No
Base license: PA-VM
License entry:
Feature: Premium Partner
Description: Premium Partner
Serial: 007054000175957
Issued: July 23, 2021
Expires: March 05, 2036
Expired?: No
Base license: PA-VM
License entry:
Feature: PA-VM
Description: Standard VM-100
Serial: 007054000175957
Issued: July 23, 2021
Expires: Never
Expired?: no
cmpod14@POD9-PANPR-primary(active)>
-
SSH from Active Node0 to Passive Node1 and get the license information from Node1.
Output from Passive Node1:cmpod14@POD9-PANPR-primary(active)> ssh source 10.198.249.26 host 10.198.249.34
The authenticity of host '10.198.249.34 (10.198.249.34)' can't be established.
RSA key fingerprint is 31:c4:a6:32:57:9d:fc:ef:62:1d:0f:b1:dd:44:86:0e.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '10.198.249.34' (RSA) to the list of known hosts.
Password:
Last login: Mon Jul 26 20:52:20 2021 from 10.196.117.227
Number of failed attempts since last successful login: 0
cmpod14@POD9-PANSC-secondary(passive)>
cmpod14@POD9-PANSC-secondary(passive)> request license info
Current PDT Date: July 26, 2021
License entry:
Feature: Threat Prevention
Description: Threat Prevention
Serial: 007054000175950
Issued: July 23, 2021
Expires March 05, 2036
Expired?: no
Base license: PA-VM
License entry:
Feature: Premium Partner
Description: Premium Partner
Serial: 007054000175950
Issued: July 23, 2021
Expires: March 05, 2036
Expired?: no
Base license: PA-VM
License entry:
Feature: PA-VM
Description: Standard VM-100
Serial: 007054000175950
Issued: July 23, 2021
Expires: Never
Expired?: no
cmpod14@POD9-PANSC-secondary(passive)>
cmpod14@POD9-PANSC-secondary(passive)> show system info
hostname: POD9-PANSC-secondary
ip-address: 10.198.249.34
public-ip-address: unknown
netmask: 255.255.255.0
default-gateway: 10.198.249.1
ip-assignment: dhcp
ipv6-address: unknown
ipv6-link-local-address: fe80::f816:3eff:fef0:7b2e/64
ipv6-default-gateway:
mac-address: fa:16:3e:f0:7b:2e
time: Mon Jul 26 20:58:13 2021
uptime: 0 days, 2:19:45
family: vm
model: PA-VM
serial: 007054000175950
vm-mac-base: 7C:89:C1:2A:8C:00
vm-mac-count: 256
vm-uuid: 1CA297EA-EE82-4768-BCDA-AF5AD325EEC1
vm-cpuid: KVM:D2060300FFFB8B0F
vm-license: VM-100
vm-mode: KVM
cloud-mode: non-cloud
sw-version: 9.1.9
global-protect-client-package-version: 0.0.0
app-version: 8391-6609
app-release-date:
av-version: 0
av-release-date:
threat-version: 0
threat-release-date:
wf-private-version: 0
wf-private-release-date: unknown
url-db: paloaltonetworks
wildfire-version: 0
wildfire-release-date:
url-filtering-version: 0000.00.00.000
global-protect-datafile-version: unknown
global-protect-datafile-release-date: unknown
global-protect-clientless-vpn-version: 0
global-protect-clientless-vpn-release-date:
logdb-version: 9.1.22
vm_series: vm_series-2.0.6
platform-family: vm
vpn-disable-mode: off
multi-vsys: off
operational-mode: normal
device-certificate-status: None
cmpod14@POD9-PANSC-secondary(passive)>
-
Verify that the Palo Alto HA cluster was formed successfully between Node0 and Node1.
Enter show high-availability all on both Active (Node0) and Passive (Node1) nodes. Verify the following for the successful cluster formation:-
Node0 State = Active
-
HA1/HA2 Control and Data links between Node0 and Node1 are up.
-
The build version is the same for both Node0 and Node1.
-
Verify that the Peer (Node1) is up and a Passive state.
-
Configuration should be synchronized between Node0 and Node1.
cmpod14@POD9-PANPR-primary(active)> show high-availability all
Group 21:
Mode: Active-Passive
Local Information:
Version: 1
Mode: Active-Passive
State: active (last 2 hours)
Device Information:
Model: PA-VM
Management IPv4 Address: 10.198.249.26/24
Management IPv6 Address:
Jumbo-Frames enabled; MTU 8950
HA1 Control Links Joint Configuration:
Link Monitor Interval: 3000 ms
Encryption Enabled: no
HA1 Control Link Information:
IP Address: 169.254.255.0/31
MAC Address: 7c:89:c1:c7:29:17
Interface: ethernet1/8
Link State: Up; Setting: 10Gb/s-full
Key Imported : no
HA2 Data Link Information:
IP Address: 169.254.255.2/31
MAC Address: 7c:89:c1:c7:29:18
Interface: ethernet1/9
Link State: Up; Setting: 10Gb/s-full
Keep-alive config log-only; threshold 10000 ms
Election Option Information:
Priority: 100
Preemptive: no
Promotion Hold Interval: 2000 ms
Hello Message Interval: 8000 ms
Heartbeat Ping Interval: 2000 ms
Max # of Flaps: 3
Preemption Hold Interval: 1 min
Monitor Fail Hold Up Interval: 0 ms
Addon Master Hold Up Interval: 500 ms
Active-Passive Mode:
Passive Link State: shutdown
Monitor Fail Hold Down Interval: 1 min
Version Information:
Build Release: 9.1.9
URL Database: 0000.00.00.000
Application Content: 8391-6609
Anti-Virus: 0
Threat Content: 0
VPN Client Software: Not Installed
Global Protect Client Software: Not Installed
VM License Type: vm100
Plugin Information:
VMS: 2.0.6
Version Compatibility:
Software Version: Match
Application Content Compatibility: Match
Anti-Virus Compatibility: Match
Threat Content Compatibility: Match
VPN Client Software Compatibility: Match
Global Protect Client Software Compatibility: Match
VM License Type: Match
Plugin Information:
VMS: Match
State Synchronization: Complete; type: ethernet
Peer Information:
Connection status: up
Version: 1
Mode: Active-Passive
State: passive (last 2 hours)
Last suspended state reason: User requested
Device Information:
Model: PA-VM
Management IPv4 Address: 10.198.249.34/24
Management IPv6 Address:
Jumbo-Frames enabled; MTU 8950
HA1 Control Link Information:
IP Address: 169.254.255.1
MAC Address: 7c:89:c1:2a:8c:17
Connection up; Primary HA1 link
HA2 Data Link Information:
IP Address: 169.254.255.3
MAC Address: 7c:89:c1:2a:8c:18
Keep-alive config log-only; status up; Primary HA2 Link
Monitor Hold inactive; Allow settling after failure
Election Option Information:
Priority: 200
Preemptive: no
Version Information:
Build Release: 9.1.9
URL Database: 0000.00.00.000
Application Content: 8391-6609
Anti-Virus: 0
Threat Content: 0
VPN Client Software: Not Installed
Global Protect Client Software: Not Installed
VM License Type: vm100
Plugin Information:
VMS: 2.0.6
Initial Monitor Hold inactive; Allow Network/Links to Settle:
Link and path monitoring failures honored
Link Monitoring Information:
Enabled: yes
Failure condition: any
No link monitoring groups
Path Monitoring Information:
Enabled: yes
Failure condition: any
Virtual-Wire Groups:
No Virtual-Wire path monitoring groups
VLAN Groups:
No VLAN path monitoring groups
Virtual-Router Groups:
No Virtual-Router path monitoring groups
Configuration Synchronization:
Enabled: yes
Running Configuration: synchronized
cmpod14@POD9-PANPR-primary(active)>
cmpod14@POD9-PANSC-secondary(passive)> show high-availability all
Group 21:
Mode: Active-Passive
Local Information:
Version: 1
Mode: Active-Passive
State: passive (last 2 hours)
Device Information:
Model: PA-VM
Management IPv4 Address: 10.198.249.34/24
Management IPv6 Address:
Jumbo-Frames enabled; MTU 8950
HA1 Control Links Joint Configuration:
Link Monitor Interval: 3000 ms
Encryption Enabled: no
HA1 Control Link Information:
IP Address: 169.254.255.1/31
MAC Address: 7c:89:c1:2a:8c:17
Interface: ethernet1/8
Link State: Up; Setting: 10Gb/s-full
Key Imported : no
HA2 Data Link Information:
IP Address: 169.254.255.3/31
MAC Address: 7c:89:c1:2a:8c:18
Interface: ethernet1/9
Link State: Up; Setting: 10Gb/s-full
Keep-alive config log-only; threshold 10000 ms
Election Option Information:
Priority: 200
Preemptive: no
Promotion Hold Interval: 2000 ms
Hello Message Interval: 8000 ms
Heartbeat Ping Interval: 2000 ms
Max # of Flaps: 3
Preemption Hold Interval: 1 min
Monitor Fail Hold Up Interval: 0 ms
Addon Master Hold Up Interval: 500 ms
Active-Passive Mode:
Passive Link State: shutdown
Monitor Fail Hold Down Interval: 1 min
Version Information:
Build Release: 9.1.9
URL Database: 0000.00.00.000
Application Content: 8391-6609
Anti-Virus: 0
Threat Content: 0
VPN Client Software: Not Installed
Global Protect Client Software: Not Installed
VM License Type: vm100
Plugin Information:
VMS: 2.0.6
Version Compatibility:
Software Version: Match
Application Content Compatibility: Match
Anti-Virus Compatibility: Match
Threat Content Compatibility: Match
VPN Client Software Compatibility: Match
Global Protect Client Software Compatibility: Match
VM License Type: Match
Plugin Information:
VMS: Match
State Synchronization: Complete; type: ethernet
Peer Information:
Connection status: up
Version: 1
Mode: Active-Passive
State: active (last 2 hours)
Device Information:
Model: PA-VM
Management IPv4 Address: 10.198.249.26/24
Management IPv6 Address:
Jumbo-Frames enabled; MTU 8950
HA1 Control Link Information:
IP Address: 169.254.255.0
MAC Address: 7c:89:c1:c7:29:17
Connection up; Primary HA1 link
HA2 Data Link Information:
IP Address: 169.254.255.2
MAC Address: 7c:89:c1:c7:29:18
Keep-alive config log-only; status up; Primary HA2 Link
Monitor Hold inactive; Allow settling after failure
Election Option Information:
Priority: 100
Preemptive: no
Version Information:
Build Release: 9.1.9
URL Database: 0000.00.00.000
Application Content: 8391-6609
Anti-Virus: 0
Threat Content: 0
VPN Client Software: Not Installed
Global Protect Client Software: Not Installed
VM License Type: vm100
Plugin Information:
VMS: 2.0.6
Initial Monitor Hold inactive; Allow Network/Links to Settle:
Link and path monitoring failures honored
Link Monitoring Information:
Enabled: yes
Failure condition: any
No link monitoring groups
Path Monitoring Information:
Enabled: yes
Failure condition: any
Virtual-Wire Groups:
No Virtual-Wire path monitoring groups
VLAN Groups:
No VLAN path monitoring groups
Virtual-Router Groups:
No Virtual-Router path monitoring groups
Configuration Synchronization:
Enabled: yes
Running Configuration: synchronized
cmpod14@POD9-PANSC-secondary(passive)>
-
-
Check the interface status on Node0 and Node1. Active (Node0) should be up and Passive (Node1) should be power-down.
-
Check the license dependency on the UUID. A license that is applied per CM-PAN device depends on the UUID of the VNF. Enter show system info to get the UUID information for Node0 and Node1.
Note: The Equinix Portal will also provide UUID information for the VNF device.
cmpod14@POD9-PANPR-primary(active)> show system info
hostname: POD9-PANPR-primary
ip-address: 10.198.249.26
public-ip-address: unknown
netmask: 255.255.255.0
default-gateway: 10.198.249.1
ip-assignment: dhcp
ipv6-address: unknown
ipv6-link-local-address: fe80::f816:3eff:fe60:373/64
ipv6-default-gateway:
mac-address: fa:16:3e:60:03:73
time: Mon Jul 26 21:41:59 2021
uptime: 3 days, 0:03:47
family: vm
model: PA-VM
serial: 007054000175957
vm-mac-base: 7C:89:C1:C7:29:00
vm-mac-count: 256
vm-uuid: 15DE55B3-303A-46BA-88E3-8666E878AC2C
vm-cpuid: KVM:D2060300FFFB8B0F
vm-license: VM-100
vm-mode: KVM
cloud-mode: non-cloud
sw-version: 9.1.9
global-protect-client-package-version: 0.0.0
app-version: 8391-6609
app-release-date:
av-version: 0
av-release-date:
threat-version: 0
threat-release-date:
wf-private-version: 0
wf-private-release-date: unknown
url-db: paloaltonetworks
wildfire-version: 0
wildfire-release-date:
url-filtering-version: 0000.00.00.000
global-protect-datafile-version: unknown
global-protect-datafile-release-date: unknown
global-protect-clientless-vpn-version: 0
global-protect-clientless-vpn-release-date:
logdb-version: 9.1.22
vm_series: vm_series-2.0.6
platform-family: vm
vpn-disable-mode: off
multi-vsys: off
operational-mode: normal
device-certificate-status: None
cmpod14@POD9-PANPR-primary(active)>
cmpod14@POD9-PANSC-secondary(passive)> show system info
hostname: POD9-PANSC-secondary
ip-address: 10.198.249.34
public-ip-address: unknown
netmask: 255.255.255.0
default-gateway: 10.198.249.1
ip-assignment: dhcp
ipv6-address: unknown
ipv6-link-local-address: fe80::f816:3eff:fef0:7b2e/64
ipv6-default-gateway:
mac-address: fa:16:3e:f0:7b:2e
time: Mon Jul 26 21:45:25 2021
uptime: 0 days, 3:06:57
family: vm
model: PA-VM
serial: 007054000175950
vm-mac-base: 7C:89:C1:2A:8C:00
vm-mac-count: 256
vm-uuid: 1CA297EA-EE82-4768-BCDA-AF5AD325EEC1
vm-cpuid: KVM:D2060300FFFB8B0F
vm-license: VM-100
vm-mode: KVM
cloud-mode: non-cloud
sw-version: 9.1.9
global-protect-client-package-version: 0.0.0
app-version: 8391-6609
app-release-date:
av-version: 0
av-release-date:
threat-version: 0
threat-release-date:
wf-private-version: 0
wf-private-release-date: unknown
url-db: paloaltonetworks
wildfire-version: 0
wildfire-release-date:
url-filtering-version: 0000.00.00.000
global-protect-datafile-version: unknown
global-protect-datafile-release-date: unknown
global-protect-clientless-vpn-version: 0
global-protect-clientless-vpn-release-date:
logdb-version: 9.1.22
vm_series: vm_series-2.0.6
platform-family: vm
vpn-disable-mode: off
multi-vsys: off
operational-mode: normal
device-certificate-status: None
-
Verify UUID changes and that license retrieval is de-activated. There serial number should be unknown and the vm-license should be none.
If a COMPUTE (server) on which Active Node0 onboarded goes down, switchover happens to Node1 and it becomes ACTIVE and Node0 recovery is initiated.
After successful auto recovery of Node0, the device will be re-deployed on to different COMPUTE and the UUID of the device (Node0) will change. Because of the changes in UUID, License on the device (Node0) gets automatically deactivated and Node0 goes into non-functional state.
Use the show system info command to view the UUID changes. The state of the node is non-functional.
cmpod14@POD9-PANPR-primary(non-functional)> show system info
hostname: POD9-PANPR-primary
ip-address: 10.196.28.23
public-ip-address: unknown
netmask: 255.255.255.0
default-gateway: 10.196.28.254
ip-assignment: dhcp
ipv6-address: unknown
ipv6-link-local-address: fe80::f816:3eff:fefd:5a39/64
ipv6-default-gateway:
mac-address: fa:16:3e:fd:5a:39
time: Fri Jul 16 00:34:50 2021
uptime: 0 days, 0:07:17
family: vm
model: PA-VM
serial: unknown >>> License got deactivated after recovery
vm-mac-base: BA:DB:EE:FB:AD:00
vm-mac-count: 256
vm-uuid: DC2EB4E1-7028-46ED-8326-723A5D124A6A >>> UUID changed after the recovery
vm-cpuid: KVM:54060500FFFB8B0F
vm-license: none >>> vm-license moved to none state
vm-mode: KVM
cloud-mode: non-cloud
sw-version: 9.1.3
global-protect-client-package-version: 0.0.0
app-version: 8284-6141
app-release-date:
av-version: 0
av-release-date:
threat-version: 0
threat-release-date:
wf-private-version: 0
wf-private-release-date: unknown
url-db: paloaltonetworks
wildfire-version: 0
wildfire-release-date:
url-filtering-version: 0000.00.00.000
global-protect-datafile-version: unknown
global-protect-datafile-release-date: unknown
global-protect-clientless-vpn-version: 0
global-protect-clientless-vpn-release-date:
logdb-version: 9.1.21
vm_series: vm_series-1.0.11
platform-family: vm
vpn-disable-mode: off
multi-vsys: off
operational-mode: normal
device-certificate-status: None
On the Node0 which is recovered and re-deployed to a different compute, the HA state shows as non-functional and the reason is license mismatch. The peer state on Node0 should be up (where Node1 is active node).
cmpod14@POD9-PANPR-primary(non-functional)> show high-availability all
Group 25:
Mode: Active-Passive
Local Information:
Version: 1
Mode: Active-Passive
State: non-functional (last 2 minutes)
State Reason: VM License mismatches with peer
Device Information:
Model: PA-VM
Management IPv4 Address: 10.196.28.23/24
Management IPv6 Address:
Jumbo-Frames enabled; MTU 8950
HA1 Control Links Joint Configuration:
Link Monitor Interval: 3000 ms
Encryption Enabled: no
HA1 Control Link Information:
IP Address: 169.254.255.0/31
MAC Address: ba:db:ee:fb:ad:17
Interface: ethernet1/8
Link State: Up; Setting: 10Gb/s-full
Key Imported : no
HA2 Data Link Information:
IP Address: 169.254.255.2/31
MAC Address: ba:db:ee:fb:ad:18
Interface: ethernet1/9
Link State: Up; Setting: 10Gb/s-full
Keep-alive config log-only; threshold 10000 ms
Election Option Information:
Priority: 100
Preemptive: no
Promotion Hold Interval: 2000 ms
Hello Message Interval: 8000 ms
Heartbeat Ping Interval: 2000 ms
Max # of Flaps: 3
Preemption Hold Interval: 1 min
Monitor Fail Hold Up Interval: 0 ms
Addon Master Hold Up Interval: 500 ms
Active-Passive Mode:
Passive Link State: shutdown
Monitor Fail Hold Down Interval: 1 min
Version Information:
Build Release: 9.1.3
URL Database: 0000.00.00.000
Application Content: 8284-6141
Anti-Virus: 0
Threat Content: 0
VPN Client Software: Not Installed
Global Protect Client Software: Not Installed
Plugin Information:
VMS: 1.0.11
Version Compatibility:
Software Version: Match
Application Content Compatibility: Match
Anti-Virus Compatibility: Match
Threat Content Compatibility: Match
VPN Client Software Compatibility: Match
Global Protect Client Software Compatibility: Match
Plugin Information:
VMS: Match
State Synchronization: Complete; type: ethernet
Peer Information:
Connection status: up
Version: 1
Mode: Active-Passive
State: active (last 2 minutes)
Last non-functional state reason: VM License mismatches with peer
Device Information:
Model: PA-VM
Management IPv4 Address: 10.196.28.29/24
Management IPv6 Address:
Jumbo-Frames enabled; MTU 8950
HA1 Control Link Information:
IP Address: 169.254.255.1
MAC Address: e4:a7:49:3f:64:17
Connection up; Primary HA1 link
HA2 Data Link Information:
IP Address: 169.254.255.3
MAC Address: e4:a7:49:3f:64:18
Keep-alive config log-only; status up; Primary HA2 Link
Monitor Hold inactive; Allow settling after failure
Election Option Information:
Priority: 200
Preemptive: no
Version Information:
Build Release: 9.1.3
URL Database: 20210716.20009
Application Content: 8284-6141
Anti-Virus: 0
Threat Content: 0
VPN Client Software: Not Installed
Global Protect Client Software: Not Installed
Plugin Information:
VMS: 1.0.11
Initial Monitor Hold inactive; Allow Network/Links to Settle:
Link and path monitoring failures honored
Link Monitoring Information:
Enabled: yes
Failure condition: any
No link monitoring groups
Path Monitoring Information:
Enabled: yes
Failure condition: any
Virtual-Wire Groups:
No Virtual-Wire path monitoring groups
VLAN Groups:
No VLAN path monitoring groups
Virtual-Router Groups:
No Virtual-Router path monitoring groups
Configuration Synchronization:
Enabled: yes
Running Configuration: synchronized
cmpod14@POD14-PANPR-primary(non-functional)>
cmpod14@POD14-PANPR-primary(non-functional)>
-
Verify the PAN VNF device is in an invalid license state. If show system info shows the serial number as unknown and vm-license as none, the device does not have a valid license.
cmpod14@POD9-PANPR-primary(non-functional)> show system info
hostname: POD14-PANPR-primary
ip-address: 10.196.28.23
public-ip-address: unknown
netmask: 255.255.255.0
default-gateway: 10.196.28.254
ip-assignment: dhcp
ipv6-address: unknown
ipv6-link-local-address: fe80::f816:3eff:fefd:5a39/64
ipv6-default-gateway:
mac-address: fa:16:3e:fd:5a:39
time: Fri Jul 16 00:34:50 2021
uptime: 0 days, 0:07:17
family: vm
model: PA-VM
serial: unknown
vm-mac-base: BA:DB:EE:FB:AD:00
vm-mac-count: 256
vm-uuid: DC2EB4E1-7028-46ED-8326-723A5D124A6A
vm-cpuid: KVM:54060500FFFB8B0F
vm-license: none
vm-mode: KVM
cloud-mode: non-cloud
sw-version: 9.1.3
global-protect-client-package-version: 0.0.0
app-version: 8284-6141
app-release-date:
av-version: 0
av-release-date:
threat-version: 0
threat-release-date:
wf-private-version: 0
wf-private-release-date: unknown
url-db: paloaltonetworks
wildfire-version: 0
wildfire-release-date:
url-filtering-version: 0000.00.00.000
global-protect-datafile-version: unknown
global-protect-datafile-release-date: unknown
global-protect-clientless-vpn-version: 0
global-protect-clientless-vpn-release-date:
logdb-version: 9.1.21
vm_series: vm_series-1.0.11
platform-family: vm
vpn-disable-mode: off
multi-vsys: off
operational-mode: normal
device-certificate-status: None
-
Activate the license the device using CLI or in the Equinix Portal.
CLI example: request license fetch auth-code <Valid-customer-authcode>.
What Not To Do
-
Use PAN OS 9.1.9 on cluster nodes. Do not use any other PAN OS version.
-
Do not build a cluster (HA pair) with nodes that have different licenses and different sizes. For example, if your Node0 device is VM100, your Node1 device must be the same size and the same license.
-
Do not use an invalid license.
