Enhanced Security Measures in Place:   To ensure a safer experience, we’ve implemented additional, temporary security measures for all users.

download PAN-DB Error

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements

download PAN-DB Error

L4 Transporter

Dear Friends, I am try to download PAN-DB for URL but i am getting below error. please suggest. PAN-DB list Loading Failed (ERROR: SSL Connect Error)

1 accepted solution

Accepted Solutions

Is your upstream Sonicwall performing SSL decryption?  The connection between the firewall and the PAN-DB servers is not compatible with SSL decryption.

View solution in original post

30 REPLIES 30

L4 Transporter

scrennpan.png

L4 Transporter

Try looking at some log files to get a clue to what's going wrong via the CLI:

for example: tail follow yes mp-log ms.log

Kind regards,

Bob

Hello Satish,

Do you have an internet connection directly from the management interface or you are using service route.?

Please apply CLY command while trying to download the database, and share the putput.

> tail follow yes mp-log ms.log

Thanks

Dear Hulk, No, i am using service route. and device is vwire Mode. i am able to update PAN os, Antivirus... etc but problem is only for URL DB. other Point is that i am also not find any url log in monitor tab. Regards Satish

Hi Satish,

Are you using Management interface or Dataplane interface to get the get the update. This is configured under Device -> Setup -> Services -> Service Route configuration. From system logs it seems issue is with the ssl connection. There can be many variables causing the ssl failures.

If you are using dataplane interface (external interface) to get the update, do you have deny any any rule. Also, could you please change your interfaces under Service Route Configuration for URL Updates. (For ex if you are using default, use external or internal interface) and Commit. Hope this helps.

Dear ssharma, I am using Management interface for update. and no any deny rule. Thanks Regard satish

Hi Satish,

Can you change it to inside or trust interface and do a commit. And notice if you still get the same error? Thank you

Hello Satish,

Since you have a service route to reach update server through data-plane interface, make sure "Palo Alto Updates" are set to physical interface ( data-plane).

Thanks

Hi Ssharma, I am using Vwire mode and Mg port have internet access. Thnks

Hello Satish,

It will be better to have the ms.log to understand the point of failutre.

Could you please update CLI output here. > tail follow yes mp-log ms.log 

Thanks

Hi Hulk bro.., but i am able to update for PAN os same config but only problm in PAN-URL.please clear me ur concept. Thanks

Oh ok....do you have any other firewall or device in the path that might be blocking the traffic. In that case, we will need to sniff the traffic when its leaving the firewall's mgmt ip and see why ssl connection to pandb is not successful (look for fin, rst and see where it is coming from).

Hi Hulk Bro. Oky, let me check and what about logs.

If I put The PAN firewall After sonicwall i am geting all trafic but when i have put the firewall before Firewall any not geting traffic and i have configure 2 trust zone and 2 untrust zone and rule any any allow and profile alert. plz suggest.

padad.png

  • 1 accepted solution
  • 9524 Views
  • 30 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!