| Cause | Prevention | |-------|-------------| | OS reinstall without TPM backup | Backup TPM owner password & persist storage | | Disk cloning across devices | Never clone TPM-bound OS images | | Panorama DB inconsistency | Run request device-certificate sync after hardware changes | | TPM firmware update | Re-enroll certificates immediately after update |
Background
Use show globalprotect tpm attestation statistics on the firewall to monitor mismatches before they cause mass outages. | Cause | Prevention | |-------|-------------| | OS