This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences

Apple Software Updates Issue with Palo Alto

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements
Palo Alto Networks Approved
Palo Alto Networks Approved
Community Expert Verified
Community Expert Verified

Apple Software Updates Issue with Palo Alto

Go to solution
Jatin.Singh
L3 Networker

‎07-11-2021 06:36 PM

Hi,

If we try to update apps on a iPhone they don’t update but if we remove the security profiles the apps update with no issues.

 

When you click update it attempts to do the download and just fails

 

We are using following security profiles(image attached). We think this may actually be a bug.

 

The update is only successful if the rule has NO profiles attached.

 

We just turned them off one by one, nothing worked until they where all off.

 

We attached the wildfire profile only, it stopped working.

 

We attached the alert only file blocking policy and it stopped working.

 

We do not SSL decryption configured. Users are directly connected with Palo Alto over WLAN not VPN.

 

1 (7).png

0 Likes Likes
1 accepted solution

Accepted Solutions

Go to solution
Jatin.Singh
L3 Networker
In response to BPry

‎07-15-2021 04:26 PM

Raised the issue with TAC and they found the issue as mentioned in the below KB

 

 

https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000POjhCAG&lang=en_US%E2%80%A...

 

By enabling "Allow HTTP partial response" issue got resolved

 

Under Device->Setup->Content-ID->Content-ID Settings 

View solution in original post

0 Likes Likes
9 REPLIES 9

Go to solution
MP18
Cyber Elite
Cyber Elite

‎07-11-2021 09:14 PM

@Jatin.Singh 

 

Please check logs for  Wildfire submissions and look for action also check threat, and data filtering logs.

Here you will see why and which security profile is blocking the connection.

 

Regards

MP

Help the community: Like helpful comments and mark solutions.
0 Likes Likes

Go to solution
Shehriyar
L1 Bithead

‎07-11-2021 10:48 PM

Could you please share the individual profile settings you are mapping.

Also, could you please try, attaching all profiles except WildFire Analysis Profile and check if it works.

Shehriyar Ahmed
0 Likes Likes

Go to solution
Jatin.Singh
L3 Networker
In response to Shehriyar

‎07-12-2021 06:47 PM

@MP18 nothing in the logs indicating a block, either traffic or threat 

 

I attached the alert only file blocking policy and it stopped working.

 

I just turned them off one by one, nothing worked until they where all off.

 

I attached the wildfire profile only, it stopped working.

 

2 (3).png3.png4.png5.png6.png7.png8.png

0 Likes Likes

Go to solution
MP18
Cyber Elite
Cyber Elite
In response to Jatin.Singh

‎07-12-2021 07:40 PM

@Jatin.Singh 

 

Looking at the profile settings we can not tell how traffic is blocked.

You need to check Under Monitor 

traffic,Threat,url-filtering, wildfire and other logs for specific source and destinations why traffic is blocked.

 

Regards

 

MP

Help the community: Like helpful comments and mark solutions.
0 Likes Likes

Go to solution
Jatin.Singh
L3 Networker
In response to MP18

‎07-12-2021 07:59 PM

We have already checked and cannot see any blocked traffic 

We have made simple test policy 

 

Capture.JPG

 

Also without any profiles attached it works, and then we attached File Blocking alert only profile and it stopped working.

Alert only profile will not block the updates? And no other profile was attached while testing it.

 

Rule is allowing all from the source as seen above

 

7.png

 

 

0 Likes Likes

Go to solution
BPry
Cyber Elite
Cyber Elite

‎07-13-2021 10:45 AM

@Jatin.Singh,

What version of PAN-OS do you have installed? I've never had an issue with iOS updates downloading properly with a full suite of profiles applied to the traffic, including a profile that directly matches your "Alert-Only-FB" settings. 

0 Likes Likes

Go to solution
Jatin.Singh
L3 Networker
In response to BPry

‎07-15-2021 04:26 PM

Raised the issue with TAC and they found the issue as mentioned in the below KB

 

 

https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000POjhCAG&lang=en_US%E2%80%A...

 

By enabling "Allow HTTP partial response" issue got resolved

 

Under Device->Setup->Content-ID->Content-ID Settings 

0 Likes Likes

Go to solution
MP18
Cyber Elite
Cyber Elite
In response to Jatin.Singh

‎07-15-2021 10:03 PM

@Jatin.Singh 

 

Thanks for letting us know.

 

Regards

Mahesh

MP

Help the community: Like helpful comments and mark solutions.
0 Likes Likes

Go to solution
pendergrass54
L0 Member

‎07-16-2021 12:04 AM

This works really well for us, thank you! Facing same issue here. Help is appreciated.

MyGiftCardSite
0 Likes Likes
  • 1 accepted solution
  • 6051 Views
  • 9 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!

LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2024 - Palo Alto Networks