Applications and Threats auto-update issue

Reply
Highlighted
L3 Networker

Applications and Threats auto-update issue

I have an issue where all of my definitions auto-update with the exception of Applications and Threats.

Previously, I had Applications and Threats set to download only.   About a month ago I changed it to also install.   Since that time, I've still had to manually install updates to Applications and Threats.   I've committed many times since this change and I have rebooted both members of the active/passive pair.

Anyone have an suggestions on something else that I could try to get this working the way I want it to?

a.png

b.png

PA-3050

Software Version 6.0.10

GlobalProtect Agent 0.0.0

Application version 511-2802 (07/08/15)

Threat Version 511-2802 (07/08/15)

Antivirus Version 1596-2073 (07/10/15)

WildFire Version 67614-74372 (07/10/15)

URL Filtering version 4571

Time Fri Jul 10 11:20:13 2015

Uptime 0 days, 23:39:31


Highlighted
L7 Applicator

Hit the "tasks" link in the bottom-right corner of the GUI or run the CLI command "show jobs all". See if the install job failed at the time it was attempted.

If the management CPU is pegged because something else is running first, it may prevent the job from completing.

Try changing it to an oddball time, like 1:21 AM. See if that sorts out the install process. If you want to really dig deeper, view the ms.log file in the management plane:

> less mp-log ms.log

Shift+G to go to the bottom of the file, ? to search in reverse. Find the time the install should have happened (1:15 AM today) and see if it has any complaints.

Cheers,

Greg

Highlighted
L7 Applicator

You may be hitting a conflict with your wildfire download which is also scheduled to happen every 15 minutes.  If two update jobs try to occur at the same time one will fail.

You should arrange all the updates to never have conflicting times.  I would move the wildfire to an odd minute running every 15 minutes then the rest of your schedules should have no conflicts.

Steve Puluka BSEET - IP Architect - DQE Communications (Metro Ethernet/ISP)
ACE PanOS 6; ACE PanOS 7; ASE 3.0; PSE 7.0 Foundations & Associate in Platform; Cyber Security; Data Center
Highlighted
L4 Transporter

Hi EdwinD

I have PA200 with PAN 6.1.4.

I have similar problems as You. I have case opened since november 2014 but we didn't do big improvements.

At the moment my case wait for live troubleshooting with Engineering team.

Problem is (in my case) that updates are usually downloaded and installed properly, but from time to time doesnt.

Od course my scheduled tasks are not overlapping ech other, also I know that install process of AV or Threat updates could take some time (couple of minuts on PA200).

Regards

Slawek

Highlighted
L7 Applicator

You could also experiment with the DNS servers used by the PA device setup.  I've seen issues with some servers not working consistently.  One was with Google DNS and I can't remember the other public DNS service where the updates would not work consistently.

but once a new DNS was selected they worked all the time.

Steve Puluka BSEET - IP Architect - DQE Communications (Metro Ethernet/ISP)
ACE PanOS 6; ACE PanOS 7; ASE 3.0; PSE 7.0 Foundations & Associate in Platform; Cyber Security; Data Center
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!

The Live Community thanks you for your participation!