.png "Satish"){kind=avatar}
09-25-2014 06:01 AM
Dear Friends, I am try to download PAN-DB for URL but i am getting below error. please suggest. PAN-DB list Loading Failed (ERROR: SSL Connect Error)
09-30-2014 10:20 AM
Is your upstream Sonicwall performing SSL decryption? The connection between the firewall and the PAN-DB servers is not compatible with SSL decryption.
09-25-2014 06:05 AM
Try looking at some log files to get a clue to what's going wrong via the CLI:
for example: tail follow yes mp-log ms.log
Kind regards,
Bob
09-25-2014 06:07 AM
Hello Satish,
Do you have an internet connection directly from the management interface or you are using service route.?
Please apply CLY command while trying to download the database, and share the putput.
> tail follow yes mp-log ms.log
Thanks
09-25-2014 08:56 AM
Dear Hulk, No, i am using service route. and device is vwire Mode. i am able to update PAN os, Antivirus... etc but problem is only for URL DB. other Point is that i am also not find any url log in monitor tab. Regards Satish
09-25-2014 09:24 AM
Hi Satish,
Are you using Management interface or Dataplane interface to get the get the update. This is configured under Device -> Setup -> Services -> Service Route configuration. From system logs it seems issue is with the ssl connection. There can be many variables causing the ssl failures.
If you are using dataplane interface (external interface) to get the update, do you have deny any any rule. Also, could you please change your interfaces under Service Route Configuration for URL Updates. (For ex if you are using default, use external or internal interface) and Commit. Hope this helps.
09-25-2014 09:29 AM
Dear ssharma, I am using Management interface for update. and no any deny rule. Thanks Regard satish
09-25-2014 09:30 AM
Hi Satish,
Can you change it to inside or trust interface and do a commit. And notice if you still get the same error? Thank you
09-25-2014 09:31 AM
Hello Satish,
Since you have a service route to reach update server through data-plane interface, make sure "Palo Alto Updates" are set to physical interface ( data-plane).
Thanks
09-25-2014 09:35 AM
Hi Ssharma, I am using Vwire mode and Mg port have internet access. Thnks
09-25-2014 09:38 AM
Hello Satish,
It will be better to have the ms.log to understand the point of failutre.
Could you please update CLI output here. > tail follow yes mp-log ms.log
Thanks
09-25-2014 09:39 AM
Hi Hulk bro.., but i am able to update for PAN os same config but only problm in PAN-URL.please clear me ur concept. Thanks
09-25-2014 09:40 AM
Oh ok....do you have any other firewall or device in the path that might be blocking the traffic. In that case, we will need to sniff the traffic when its leaving the firewall's mgmt ip and see why ssl connection to pandb is not successful (look for fin, rst and see where it is coming from).
09-25-2014 09:40 AM
Hi Hulk Bro. Oky, let me check and what about logs.
09-25-2014 09:49 AM
If I put The PAN firewall After sonicwall i am geting all trafic but when i have put the firewall before Firewall any not geting traffic and i have configure 2 trust zone and 2 untrust zone and rule any any allow and profile alert. plz suggest.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
