download PAN-DB Error

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

download PAN-DB Error

L4 Transporter

Dear Friends, I am try to download PAN-DB for URL but i am getting below error. please suggest. PAN-DB list Loading Failed (ERROR: SSL Connect Error)

30 REPLIES 30

Just FYI.

Once you will try to download any update, there will be 2 separate connections established to complete it successfully. 1st, it will try to reach the license server to verify the license information for the device S/N. Upon successful completion, it will try to establish an another SSL connection to a CDN network ( Public IP starts with 192.x.x.x.x) to download the actual database.

So, we need to make sure SSL is allowed throughout the path. Pls verify if any SSL packet with destination prefix (192 or 191 ) is getting dropped at sonicwall.

Thanks

Oky Bro.., Let me check and come back to you. Thanks Regards Satish

Satish

You can sniff the traffic in your management interface by using the following commands

> tchdump <--- let this command run for 10-15 seconds after trying to manually update

>  view-pcap mgmt-pcap mgmt.pcap mgmt.pcap <--- it will show you the PCAP output for the management interface

> view-pcap verbose++ yes mgmt-pcap mgmt.pcap  <-- will give you more detailed output


It sounds as if something may be blocking that traffic on the sonicwall but we won't know until more detail.

Do you see any log output on the Sonicwall saying it is blocking an item?

Dear Jperry, Thanks for your reply. i will do this tomorrow and come back to hare. Thanks Regards Satish

Something up with SSL connectivity. Logs should give a clue.

Perhaps you can open a support ticket for quicker resolution?

L4 Transporter

Hi All, Till i am facing issue no traffic block bye Sonicwall, I am able to telnet port 443. any idea friends. Regards Satish

Hello Satish,

Could you please share the ms.log output.

Thanks

lo.png

Hello Satish,

I hope this is a VM machine, where you are trying to download the PAN-DB database. Could you please check if "Verify update Server Identity" option is checked on this VM. This option is available under Device > Setup > Service. If yes, please uncheck that option and try once again. ( a commit required).

Thanks

L4 Transporter

Hii.., No bro.. You are wrong. there no VM. i am using PA-3020. Regards Satish

L5 Sessionator

Satish

Open the CLI and run the following command

delete license key ?

It will then display all of your licenses. Find the license key for PANDB and it should look something like

PAN_DB_URL_Filtering_2014_05_24_**********.key

Once you find the key for PANDB delete them and then run

request license info

to make sure it has been removed.

Then go back to the GUI and retrieve your licenses or manually add the PANDB auth code.

Let me know if this works. Thanks Satish.

HI jperry, Thanks for your reply. let me check and i will back. Regards Satish

Dear Jperry, i have tried the same but i am facing same issue. Regards Satish

Is your upstream Sonicwall performing SSL decryption?  The connection between the firewall and the PAN-DB servers is not compatible with SSL decryption.

L4 Transporter

Thanks all for quick response. after the long R&D we are find out issue with sonicwall firewall. when i have put the direct ISP ip in Mgt port its working fine. but its happen only some case. Thanks a lot for your reply ones again. Regards Satish

  • 9714 Views
  • 30 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!