topic Re: Android Samsung update doesn't work in General Topics

Android Samsung update doesn't work

G.Geraci — Wed, 01 Oct 2025 09:38:55 GMT

Hello everyone,

I can't solve the problem of updating Samsung smartphones running Android connected to the company Wi-Fi network.

I created a custom rule for mobile phone updates, but it still doesn't work. Everything is set to allow in the monitoring, but it still doesn't work.

I have run several tests, minimizing the rule configuration, but it still does not work. Does anyone have any ideas on how to resolve this?

Re: Android Samsung update doesn't work

kiwi — Wed, 01 Oct 2025 10:06:06 GMT

Hi @G.Geraci ,

Looks like session-end-reason for the traffic is "aged-out".

For services using TCP, having a session end "aged-out" might not be considered normal and further investigation is required. The reasons can be many. Here are just a few examples:

The destination server might not have an open port on the requested service
The receiving end might return traffic over a different path (asymmetric routing)
Your access can be blocked by a remote FW or access list
There might simply be a network path issue in-between

Once you've confirmed that packets are correctly leaving the firewall, you should check the behavior (if you can) on the remote end. Is your request even reaching the remote end and if so, how is it being handled? Is it being blocked and is the server sending a response back? Is traffic returned using a different path?

https://live.paloaltonetworks.com/t5/community-blogs/dotw-aged-out-session-end-in-allowed-traffic-logs/ba-p/379608

Kind regards,

-Kim.

Re: Android Samsung update doesn't work

G.Geraci — Wed, 01 Oct 2025 10:24:21 GMT

I'm sorry, but in this case, it's not as you say.

Given that we are talking about Samsung updates, managed by Samsung and on their servers, I cannot and do not have any control.

That said, if I apply the rule for updates and open it without using any specific protocol, the cell phone is able to download the update and, as you can see from the screenshot, I get the same behavior as when I apply the restriction to the Samsung update and web browsing protocols.

I'm going crazy over this. I don't understand why.

Re: Android Samsung update doesn't work

Brandon_Wertz — Thu, 02 Oct 2025 15:41:55 GMT

@G.Geraci -- Are you saying that your "samsung" rule updates work? But the "guest" rule they don't? I just have to say I hope you have fully vetted your fortinet, given the myriad list of root exploits they've had over the past year(s.)

To your issue, if it's what I wrote then it's probably straight forward. You're not allowing everything needed in the more restrictive rule. In the "working" scenario you're allowing SSL, but I'm not seeing SSL in the none-working. A confusing part though, ssl&web-browsing are "implicit" use, which means they shouldn't need to be allowed. This might be something you might need a support case on given the implicit use.

Re: Android Samsung update doesn't work

Adrian_Moechel — Tue, 06 Jan 2026 20:21:27 GMT

I expirienced the same Issue with an Android Phone. No Blocks in Threat / URL filter or any other logs where visible.
In session browser and also traffic log you could always see the application "samsung-updates" which was allowed, no blocks visible in any log but still the updates would not work on the phone.
Then i made a testrule without any security Profiles for that client and it was able to see and download updates - the updates itself seem to run via port 80 and application web-browsing.

To narrow it down i enabled one after the other security profile and once the vulnerability protection was enabled on that rule it broke the updates again...

Then i tried to disable "enable inline cloud analysis" (advanced threat protection feature) setting inside the vulnerability profile and the updates were functional again...

So something must have broken the samsung-updates related to the inline cloud analysis feature! - But i never saw ANY block or info in ANY of the logs that could have pointed me to this issue is scary..
-> it cost me half a day finding that out...so guess the solution is to disable advanced threat protection feature "inline cloud analysis" inside the vulnerability profile which is pretty sad as you pay a license for these new advanced TP features.

Hope that helps anyone with the same issue when doing a google search.

EDIT:
PanOS 11.1.11
no ssl decryption for this client was active.