This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences

Enhanced Security Measures in Place:   To ensure a safer experience, we’ve implemented additional, temporary security measures for all users.

download PAN-DB Error

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements

download PAN-DB Error

Go to solution
Satish
L4 Transporter

‎09-25-2014 06:01 AM

Dear Friends, I am try to download PAN-DB for URL but i am getting below error. please suggest. PAN-DB list Loading Failed (ERROR: SSL Connect Error)

Labels:
0 Likes Likes
1 accepted solution

Accepted Solutions

Go to solution
kfindlen
L4 Transporter
In response to Satish

‎09-30-2014 10:20 AM

Is your upstream Sonicwall performing SSL decryption?  The connection between the firewall and the PAN-DB servers is not compatible with SSL decryption.

View solution in original post

30 REPLIES 30

Go to solution
Satish
L4 Transporter

‎09-25-2014 06:02 AM

scrennpan.png

0 Likes Likes

Go to solution
bdeschut
L4 Transporter

‎09-25-2014 06:05 AM

Try looking at some log files to get a clue to what's going wrong via the CLI:

for example: tail follow yes mp-log ms.log

Kind regards,

Bob

Go to solution
HULK
L7 Applicator
In response to Satish

‎09-25-2014 06:07 AM

Hello Satish,

Do you have an internet connection directly from the management interface or you are using service route.?

Please apply CLY command while trying to download the database, and share the putput.

> tail follow yes mp-log ms.log

Thanks

0 Likes Likes

Go to solution
Satish
L4 Transporter
In response to HULK

‎09-25-2014 08:56 AM

Dear Hulk, No, i am using service route. and device is vwire Mode. i am able to update PAN os, Antivirus... etc but problem is only for URL DB. other Point is that i am also not find any url log in monitor tab. Regards Satish

0 Likes Likes

Go to solution
ssharma
L5 Sessionator
In response to Satish

‎09-25-2014 09:24 AM

Hi Satish,

Are you using Management interface or Dataplane interface to get the get the update. This is configured under Device -> Setup -> Services -> Service Route configuration. From system logs it seems issue is with the ssl connection. There can be many variables causing the ssl failures.

If you are using dataplane interface (external interface) to get the update, do you have deny any any rule. Also, could you please change your interfaces under Service Route Configuration for URL Updates. (For ex if you are using default, use external or internal interface) and Commit. Hope this helps.

0 Likes Likes

Go to solution
Satish
L4 Transporter
In response to ssharma

‎09-25-2014 09:29 AM

Dear ssharma, I am using Management interface for update. and no any deny rule. Thanks Regard satish

0 Likes Likes

Go to solution
ssharma
L5 Sessionator
In response to Satish

‎09-25-2014 09:30 AM

Hi Satish,

Can you change it to inside or trust interface and do a commit. And notice if you still get the same error? Thank you

0 Likes Likes

Go to solution
HULK
L7 Applicator
In response to Satish

‎09-25-2014 09:31 AM

Hello Satish,

Since you have a service route to reach update server through data-plane interface, make sure "Palo Alto Updates" are set to physical interface ( data-plane).

Thanks

0 Likes Likes

Go to solution
Satish
L4 Transporter
In response to ssharma

‎09-25-2014 09:35 AM

Hi Ssharma, I am using Vwire mode and Mg port have internet access. Thnks

0 Likes Likes

Go to solution
HULK
L7 Applicator
In response to Satish

‎09-25-2014 09:38 AM

Hello Satish,

It will be better to have the ms.log to understand the point of failutre.

Could you please update CLI output here. > tail follow yes mp-log ms.log 

Thanks

0 Likes Likes

Go to solution
Satish
L4 Transporter
In response to HULK

‎09-25-2014 09:39 AM

Hi Hulk bro.., but i am able to update for PAN os same config but only problm in PAN-URL.please clear me ur concept. Thanks

0 Likes Likes

Go to solution
ssharma
L5 Sessionator
In response to Satish

‎09-25-2014 09:40 AM

Oh ok....do you have any other firewall or device in the path that might be blocking the traffic. In that case, we will need to sniff the traffic when its leaving the firewall's mgmt ip and see why ssl connection to pandb is not successful (look for fin, rst and see where it is coming from).

Go to solution
Satish
L4 Transporter
In response to HULK

‎09-25-2014 09:40 AM

Hi Hulk Bro. Oky, let me check and what about logs.

0 Likes Likes

Go to solution
Satish
L4 Transporter
In response to HULK

‎09-25-2014 09:49 AM

If I put The PAN firewall After sonicwall i am geting all trafic but when i have put the firewall before Firewall any not geting traffic and i have configure 2 trust zone and 2 untrust zone and rule any any allow and profile alert. plz suggest.

padad.png

0 Likes Likes
  • 1 accepted solution
  • 9520 Views
  • 30 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!

LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2024 - Palo Alto Networks