PAN-OS 9 - Wildfire Updates skipping; claiming that a newer version already is installed

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements
Please sign in to see details of an important advisory in our Customer Advisories area.

PAN-OS 9 - Wildfire Updates skipping; claiming that a newer version already is installed

L2 Linker

I have upgraded to PAN-OS 9 yesterday, so far without 'bigger' issues, except:

 

  • EDL updates keep failing, claiming that the downloaded file is not a ext file thus using the old version
    -> interim fix was to remove the checkmark "block unknown certificate status" on the certificate profile for the EDLs
  • NTP updates keep failing without further info, just a log entry notifying about the fact
  • and the worst bit: Wildfire updates always have to be installed manually now. I have not found a solution to this.

See attached pics re Wildfire.

 

Bildschirmfoto 2019-02-13 um 19.38.33.png

 

Bildschirmfoto 2019-02-13 um 19.38.12.png

 

11 REPLIES 11

Cyber Elite
Cyber Elite

Hello,

I would make sure that no traffic is being blokced with regards to this traffic. If nothing is, I would open a support case. There are quite a few defects in this release that are known and maybe this is a new unknown.

 

Regards,

the setup has been working flawless under 8.x.x

 

I have disabled ssl inspection on the interface used by the pan to grab edls and the pan updates, same result. the ntp I have switched to an internal one, same result. error category is auth, error message says ntp sync to server fail, authentication type none. it's a plain vanilla ntp server.

 

one wildfire update has succeeded in the last hour, since then I am receiving the error messages above.

 

what a rollercoaster ride.

Would rolling back to the previous code work for your environment? I would even contact suppor and ask their assistance. Honestly they might have released 9 but I would wait until at least 9.0.3 or .4 until moving to it unless there is a feature you truly need.

I have kept a backup of the 8.0.16 configuration to roll back just in case. It's not a production device, just running on my home network, so not a big deal tbh.

Phew, good on you for testing prior to production :).  The config should remain the same, you just need to have 8.0.0 code downloaded as well as 8.0.16.

 

Good luck!

for my home network it's the "production device", so make or break 🙂 but I never would roll out any updates to a corporate device this fast.

Are you still seeing the error?  I have not getting those errors for 2 days now..

 

E

I have rolled back to 8.1.6 as I was not able to get this solved, but as long as I have been on 9.0 those error have been prevalent.

Thanks for getting back to me.  I have not getting any wildfire update error anymore.  I am hoping PAN fixed on the updated file packaging...

I just have given it another try becuase of the dns service and bulletproof hosters edl. Wildfire issues still seems to exist, I'll keep an eye on it. THis time I noticed another thing- all my custom URL Filtering Lists have been reset to allow all! Might be worth checking yours aswell.

L2 Linker

The problem with EDLs failing to refresh also still exists. I had set up a certificate profile for each additional edl I use. With 8.1.6 it works flawless, with 9.0 I cannot get it to work with an certificate profile attached. I have set it to none for the EDLs to refresh. I receive different error messages, ranging from ocsp cannot be queried to failed to refresh, using local copy.

  • 5076 Views
  • 11 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!