topic Re: Active/Passive - Failed to check Antivirus content upgrade info due to generic communication error in General Topics

Active/Passive - Failed to check Antivirus content upgrade info due to generic communication error

steven_walbroehl — Mon, 22 Jul 2013 15:17:58 GMT

I am getting a daily notification that states that Failed to check Antivirus content upgrade info due to generic communication error . I have a HA Active/Passive set up on my network. The Active is connecting to updates.paloaltonetworks.com fine and is getting the most recent verison, and there is a Green Dot that connection is okay from the Management Interface. I believe however, that the alerts are being sent out from the Passive device for some reason even though the two devices are connected together fine. Any help on how to verify that things are okay on the cluster, and how to stop these Alerts from being sent?

Model	PA-4020
Software version	4.1.11
GlobalProtect Client	1.1.6
Application version	384-1877
Threat version	384-1877
Antivirus version	1061-1478

Re: Active/Passive - Failed to check Antivirus content upgrade info due to generic communication error

gwesson — Mon, 22 Jul 2013 16:24:50 GMT

Hi Steven,

If the firewalls are configured to use an L3 interface to go out for updates (Device > Setup > Services tab > Service Route Configuration), the default setting for the passive L3 interfaces is to be down. This setting allows them to become active during a failure of the primary and ARP for the shared IP.

The management interface is still up even when a device is in the passive state, so if the service route is configured to use that interface and you can configure a route on the connected devices to allow Internet access from that interface you should be able to eliminate those messages.

You could also disable antivirus checking on the passive unit ensuring that the active syncs it, but that would stop updates if a failure happened.

Hope this helps,

Greg