PAN-OS 8.0 Updates

Reply
L6 Presenter

PAN-OS 8.0 Updates

I've recently upgraded a lab 200 to 8.0 from 6.1.4.

 

After upgrade I couldn't get it to connect out for Software or Dynamic updates, getting an error saying no connectivity basically.

 

I saw the changes about where communication via the mgmt interface has changed, and thought I had accounted for everything correctly, but I guess I must have missed something.

 

I went into the service routes which were set to use default or use management for all and changed the ones for dynamic updates and softwareupdates as well as a few others; hardcoding them to the mgmt interface.  After I commited these changes the box was able to connect out.

 

Then after 30 minutes or so the box has lost external connectivity again.

 

Any thoughts on where I might have something configured incorrectly?  

 

(The PA-200 only has a management connection currently.  It sits behind my corporate 5060 which shows the PAN updates going out.)

L6 Presenter

Re: PAN-OS 8.0 Updates

l still would start from the cli and try to resolve updates and downloads.paloaltonetorks.com websites. Then if you do have access to the corporate firewall make sure that your lab unit source ip is allowed to get the updates through the 5060 devices.

Highlighted
L6 Presenter

Re: PAN-OS 8.0 Updates

Hi,

 

I had the same issue.

I rebooted the firewall and it started to work fine.

 

After some time it happened again.

 

Regards

 

L6 Presenter

Re: PAN-OS 8.0 Updates

Trance, thanks for the reply, yeah I've got connectivity out.  

 

 

For some reason URL updates works, but Dynamic Updates and Software Updates aren't working.

 

I honestly feel like this is a bug, but since this is a lab project of mine I don't really have time to open a TAC case to have it worked on.  

 

My hope is what someone sees this, if it isn't already known and it eventually gets fixed on a version update.  I've reloaded the PA-200 multiple times.  Messed around with the service routes.  Re-installed PAN-OS 8.0 even all with the same results.

 

 

 

admin@PA-200> request url-filtering download paloaltonetworks region North-America

PAN-DB update initiated

 

 

admin@PA-200> request url-filtering download status vendor paloaltonetworks

2017-02-24 16:56:34 PAN-DB download: Finished successfully.

 

 

 

 PA-200.JPG

 

PA-200_PAN-DB.JPG

L6 Presenter

Re: PAN-OS 8.0 Updates

Interesting. Are you able to create a policy on the 5060 with any any (without any profiles) for the source ip of your lab unit and test again?

L6 Presenter

Re: PAN-OS 8.0 Updates

It's not a security profile issue.  It was working before, using the same profile(s).

L6 Presenter

Re: PAN-OS 8.0 Updates

Hi,

 

I am just trying to eliminate all possible issues with any other inline devices. Not the best option but reverting back to 7.1.x release probably (should) prove PAN-OS 8.0.0 bug or issue.

L6 Presenter

Re: PAN-OS 8.0 Updates

I appreciate the responses.  I'll revert back and see how things go.

Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!

The Live Community thanks you for your participation!