Enhanced Security Measures in Place:   To ensure a safer experience, we’ve implemented additional, temporary security measures for all users.

Cannot update software since upgrading to 4.1

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements

Cannot update software since upgrading to 4.1

L2 Linker

Hello all,

I recently upgraded to the 4.1 OS from 4.0.1. The firewall settings are fine but for some reason whenever the firewall tries to download any new software like 4.1.1, GlobalProtect, Dynamic Updates it keeps getting the error "Failed due to network failure".

I have checked and made sure that the Managment Interface is not being blocked by URL or Security policies. I even see successful connections to update server but the error still keeps coming up.

Any thoughts?

Regards

Stephen

1 accepted solution

Accepted Solutions

L0 Member

I had the same issue on 4.1.0.

The Check now in Software only generated the following error message:

"Failed to check Content content upgrade info due to generic communication error"

I resolved the issue by doing this:

  • Changed the Services - Primary DNS Server from internal dns server to external dns server.
  • Changed Palo Alto Updates in Service Route Configuration to use external fw interface.

Software list is now updated and 4.1.2 are now downloading 🙂

View solution in original post

13 REPLIES 13

L6 Presenter

From the CLI, test by issuing command 'ping host updates.paloaltonetworks.com'.

Also when you go into Dynamic Updates and Software, do you get any error when you click on 'Check Now' button?

I can ping successfully from CLI and I get the same error when I manually press Check Now for any download.

Can you doublecheck the device's mgmt setting to ensure the update location is pointing to updates.paloaltonetworks.com?

Just to be specific it is in the Operations tab in the Setup section of the Device. The Update server is indeed 'updates.paloaltonetworks.com'

Configuration appears to be fine.  You may want to check again to see if the traffic is being blocked upstream.  I would suggest collecting a pcap and see.

Thanks.

Hello,

I've been dealing with this same issue as well. It started with 4.1 for me too.

I can log into the firewall, and force it to update. But sometimes even then it gets stuck, and I have to log into the CLI and cancel the job.

Here's the email error message I get.

SYSTEM ALERT : high : Failed to check Content content upgrade info due to generic communication error

domain: 1
receive_time: 2012/01/17 13:14:20
serial: xxxxxxxxx
seqno: 11896
actionflags: 0x0
type: SYSTEM
subtype: general
config_ver: 0
time_generated: 2012/01/17 13:14:20
vsys:
eventid: general
object:
fmt: 0
id: 0
module: general
severity: high
opaque: Failed to check Content content upgrade info due to generic communication error

L4 Transporter

I am seeing similiar effects (4.1.1).  I noticed today that an auto scheduled AV download was at 30% for more than a week now.  Which must of been effecting the threat content download from starting.  URL updates are up to date though.  The particular date of over a week ago was also when I found the AV download stuck the first time.  After killing the job - I can perform a manual download/install.  Seems to happen during the auto scheduled download.  

Cheers,

Mike

Has there been any update on this? There is more then one person reporting the issue now. I'm still getting the same error message I reported in my previous post.

Thanks,

Daniel

Please contact Support to open a case so that we can diagnose & have this issue track.  Thanks.

so we have to contact our local IT company to see whether they can solve this? I don't wish to bring them in to waste time on a solution which looks a vague especially since everything was working pre upgrade.

L0 Member

I had the same issue on 4.1.0.

The Check now in Software only generated the following error message:

"Failed to check Content content upgrade info due to generic communication error"

I resolved the issue by doing this:

  • Changed the Services - Primary DNS Server from internal dns server to external dns server.
  • Changed Palo Alto Updates in Service Route Configuration to use external fw interface.

Software list is now updated and 4.1.2 are now downloading 🙂

awesome! it worked :smileygrin:

Thanks

L3 Networker

Hello,

I am facing the same issue with PA-2020 PanOS 4.2.

Tryingto update to PanOS 4.3, I am getting the message " Failed to check upgrade info due to generic communication error. Please check network connectivity and try again."

I can ping the PaloAlto update server and updates were working untill now.

Regards,

Laurent

  • 1 accepted solution
  • 8051 Views
  • 13 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!