- Access exclusive content
- Connect with peers
- Share your expertise
- Find support resources
Enhanced Security Measures in Place: To ensure a safer experience, we’ve implemented additional, temporary security measures for all users.
09-25-2014 06:01 AM
Dear Friends, I am try to download PAN-DB for URL but i am getting below error. please suggest. PAN-DB list Loading Failed (ERROR: SSL Connect Error)
09-25-2014 09:52 AM
Just FYI.
Once you will try to download any update, there will be 2 separate connections established to complete it successfully. 1st, it will try to reach the license server to verify the license information for the device S/N. Upon successful completion, it will try to establish an another SSL connection to a CDN network ( Public IP starts with 192.x.x.x.x) to download the actual database.
So, we need to make sure SSL is allowed throughout the path. Pls verify if any SSL packet with destination prefix (192 or 191 ) is getting dropped at sonicwall.
Thanks
09-25-2014 09:56 AM
Oky Bro.., Let me check and come back to you. Thanks Regards Satish
09-25-2014 10:01 AM
You can sniff the traffic in your management interface by using the following commands
> tchdump <--- let this command run for 10-15 seconds after trying to manually update
> view-pcap mgmt-pcap mgmt.pcap mgmt.pcap <--- it will show you the PCAP output for the management interface
> view-pcap verbose++ yes mgmt-pcap mgmt.pcap <-- will give you more detailed output
It sounds as if something may be blocking that traffic on the sonicwall but we won't know until more detail.
Do you see any log output on the Sonicwall saying it is blocking an item?
09-25-2014 10:06 AM
Dear Jperry, Thanks for your reply. i will do this tomorrow and come back to hare. Thanks Regards Satish
09-25-2014 10:52 AM
Something up with SSL connectivity. Logs should give a clue.
Perhaps you can open a support ticket for quicker resolution?
09-25-2014 11:50 PM
Hi All, Till i am facing issue no traffic block bye Sonicwall, I am able to telnet port 443. any idea friends. Regards Satish
09-25-2014 11:58 PM
Hello Satish,
Could you please share the ms.log output.
Thanks
09-26-2014 05:55 AM
Hello Satish,
I hope this is a VM machine, where you are trying to download the PAN-DB database. Could you please check if "Verify update Server Identity" option is checked on this VM. This option is available under Device > Setup > Service. If yes, please uncheck that option and try once again. ( a commit required).
Thanks
09-26-2014 07:29 PM
Hii.., No bro.. You are wrong. there no VM. i am using PA-3020. Regards Satish
09-27-2014 11:07 AM
Open the CLI and run the following command
delete license key ?
It will then display all of your licenses. Find the license key for PANDB and it should look something like
PAN_DB_URL_Filtering_2014_05_24_**********.key
Once you find the key for PANDB delete them and then run
request license info
to make sure it has been removed.
Then go back to the GUI and retrieve your licenses or manually add the PANDB auth code.
Let me know if this works. Thanks Satish.
09-30-2014 05:00 AM
HI jperry, Thanks for your reply. let me check and i will back. Regards Satish
09-30-2014 05:02 AM
Dear Jperry, i have tried the same but i am facing same issue. Regards Satish
09-30-2014 10:20 AM
Is your upstream Sonicwall performing SSL decryption? The connection between the firewall and the PAN-DB servers is not compatible with SSL decryption.
10-13-2014 10:06 AM
Thanks all for quick response. after the long R&D we are find out issue with sonicwall firewall. when i have put the direct ISP ip in Mgt port its working fine. but its happen only some case. Thanks a lot for your reply ones again. Regards Satish
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!