Focus

VM-Series and Panorama Plugins Release Notes

Limitations

Table of Contents

Limitations

Limitations associated with the Zero Touch Provisioning (ZTP) plugin.

The following are limitations associated with Zero Touch Provisioning (ZTP) Plugin.

Issue ID	Description
PAN-205085	Automated Commit Recovery (DeviceSetupManagementPanorama Settings) may cause the first configuration push (CommitPush to Devices) from the Panorama management server to be automatically reverted with the error: Panorama connectivity check failed for <Panorama FQDN or IP>, Reason: TCP channel setup failed, reverting configuration Workaround: Before the first push to your ZTP firewalls, select DeviceSetupManagement and edit the Panorama Settings to increase the Number of attempts to check for Panorama connectivity to 5 to prevent an automatic configuration revert.
PAN-198480	The ZTP cloud service supports a direct internet connection to successfully onboard a ZTP firewall to Panorama management. The ZTP cloud service does not support an explicit web proxy and is unable to onboard a ZTP firewall to Panorama management if an explicit web proxy is configured as a gateway to the internet for your ZTP firewalls and Panorama.
PAN-173438	Palo Alto Networks cannot specify a PAN-OS version for a replacement system disk in the event the system disk for a ZTP firewall needs to be replaced. Instead of replacing the system disk for a ZTP firewall, you must contact Palo Alto Networks support to RMA the ZTP firewall and then replace the RMA firewall to avoid installing a system disk with a PAN-OS version that does not support ZTP.
ZTP-94	Firewalls onboarded to Panorama management using ZTP do not support high availability (HA) configuration. You must disable ZTP on your firewalls to configure them in an HA configuration. After disabling ZTP, add your firewalls as managed devices and set up your firewalls in an active/passive or active/active HA configuration.

Known Issues in the Zero Touch Provisioning 1.0.0 Release

Panorama Plugin for Kubernetes