When I try to download PAN-OS software directly to the passive firewall it says “Failed to check upgrade info due to generic communication error. Please check network connectivity and try again”. It is working fine in Active device.
Is it the case in active/passive scenario, the passive can’t talk unless it takes over? I have checked all the interfaces and connectivity looks fine.
Thanks in advance.
Both active / passive unit should be able to check and download updates from PAN.
Please check the following,
Is the management port setup on the passive unit? DNS configured? compare the setting
Login to cli, and try ping your local gateway for the management port, 184.108.40.206, 220.127.116.11, make sure you have reachability.
try ping updates.paloaltonetworks.com, ping will fail, but you should get a name resolved (check for the DNS setting).
login to WebUI, go to device -> services -> update server, make sure it is point to updates.paloaltonetwrosks.com
Make sure your device clock is correct with time zone.
Also, try fail over the firewall, and see if it is able to download? That will sounds like a configuration issue. (maybe service route, configuration?)
Also, you don't need to go to the passive ifrewall to download, you can just download the active firewall and sync to the passive one as well.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!