I have hundreds of PA 220's on 8.1.0 that are unable to download updates. The services routes are all configured to use a loopback and its IP which routes fine, and can ping whatever is necessary, the management interface is disconnected at all these locations. The problem is that the 220 will not resolve DNS via the service route, it seems, what I have found tinkering with this is that, again though the service routes are configured correctly, the 220 will not resolve DNS unless the MGMT interfaces is up. I have a case open for this, I was just curious if anyone else has seen a similar issue with management disconnected.
Have you tried putting the mgmt interface into admin down not just disconnected?
I wasnt aware it was possible to admin down the mgt interface. This whole problem is a bug in 8.1.x, they haven't fixed it yet. I'm rolling back my boxes to 8.0.10
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!
The Live Community thanks you for your participation!