Replace an RMA Firewall (ACE)

To restore the configuration on a managed firewall when there is a Return Merchandise Authorization (RMA), the procedure is to:
  • On Panorama, replace the serial number of the old firewall with the new firewall’s serial number.
  • In the firewall CLI, check to ensure that the firewall is online and connected to the Knowledge service so that the firewall can download the cloud application catalog:
    1. Access the firewall CLI.
    2. In Operational mode, check the cloud App-ID connection:
      admin@vm1> show cloud-appid connection-to-cloud
      If the firewall is connected to the cloud, the show command returns:
      ACE Cloud server: kcs.ace.tpcloud.paloaltonetworks.com:443Cloud connection: connected
      Information about the connection also displays. If the firewall is not connected to the cloud, check whether DNS services are functioning and check for any other network-related connectivity issues.
  • With the firewall connected to the App-ID cloud, Restore the Firewall Configuration after Replacement.

Recommended For You