: Known Issues in the Zero Touch Provisioning 1.0.1 Release
Focus
Focus

Known Issues in the Zero Touch Provisioning 1.0.1 Release

Table of Contents

Known Issues in the Zero Touch Provisioning 1.0.1 Release

PLUG-4937

The Customer Support Portal (CSP) allows you to register up to two Panorama management servers that are not in a high availability (HA) configuration with the ZTP service on your CSP account and allows you to register a ZTP firewall with both Panoramas, resulting in duplicate registration.
Workaround: Ensure that a single Panorama, or two Panorama in an HA configuration, are associated with the ZTP service on your CSP account.

PLUG-4978

On the Panorama management server, when you import (PanoramaZero Touch ProvisioningFirewall Registration) a CSV with no serial numbers or claim keys, or import a CSV with special characters, Panorama erroneously displays the import as successful.

PLUG-6702

On the Panorama management server, some firewalls cannot be added as managed firewalls (PanoramaManaged DevicesSummary) when onboarding using the ZTP service.
Issue is addressed in Zero Touch Provisioning (ZTP) Plugin 1.0.2.

PAN-160870

This issue is resolved in PAN-OS 10.1.0, 10.0.6, and 9.1.0.
On a Zero Touch Provisioning (ZTP) capable firewall with ZTP disabled, the default ZTP configuration that allows on-boarded firewalls to connect to the Panorama management server is still present and causes commit failures.
Workaround: Log in to the firewall CLI to enable and then disable the template and shared policy configurations.
  1. Enable and then disable the template configuration.
    admin> set system setting template enable
    admin> set system setting template disable
  2. Enable and then disable the Panorama shared policy configuration.
    admin> set system setting shared-policy enable
    admin> set system setting shared-policy enable
  3. Commit to disable ZTP.
    admin> configure
    admin# commit force