The standard remediation procedure involves accessing the firewall via the Console port, as the management GUI (web interface) may be inaccessible due to the certificate failure. Administrators must enter Maintenance Mode. From here, the solution typically involves one of two paths:
application in security policies can block necessary management traffic. Palo Alto Networks LIVEcommunity Troubleshooting and Resolutions Lower Management MTU
: Once the old certificate is cleared by support, you will need to generate a new One-Time Password (OTP) from the Palo Alto Customer Support Portal and re-run the request certificate fetch command. Summary of CLI Commands Fetch Certificate : request certificate fetch Check Status : show device-certificate status