Some of our PA's are failing to get updates with a "generic communication failure"
They go out the same rule on one PA.
The DR site seems to be ok.
DNS and trace route seem fine...
Hmmm this was posted earlier this month, here was the resolution, HTH.
But I found the issue: Some of the update traffic is now classified as "ssl" and not "paloalto-updates". When you try multiple times, it eventually contacts a download server which is classified as "paloalto-updates". With "ssl" added to the rule, it works now instantly and every time. Thanks for your help.
We also had ours do the same thing. My guess is that it was an issue on PAN's side. However today all of mine are getting updates. Maybe check the traffic logs to see if they are getting blocked on your side? By default they will check from the management port.
It's working now.
Pulling from "184.108.40.206"
It was failing on "220.127.116.11"
Prior to the issue it seemed to be trying both,
During the issue just trying 34.84....
Now just using 199.167....
So I guess they have a broken repository.
So, to hopefully conclude this..
After going back to support a few times, they have finally said that "Senior Resource" has said they are migrating to Google Cloud. And had received reports that users could not connect. etc..
My summary. Failed service migration by PA, nothing to do with our hardware, configuration or internet.
I'm having a somewhat similar issue, but this has to do with the schedule itself. For instance, I have App & Threat set to download and install every hour. The schedule runs, and returns (in System Log) "Auto update agent found no new Content updates".
However, if I manually refresh the new updates will appear. On the next schedule the download start and install. I tried this on 2 PA-220's: same schedule and I manually refreshed one of them. And sure enough, the one that I did not manually refresh stayed put on the old content.
This is driving me mad
We encounter the same in a global PA deployment.
Automatic content updates dont work anymore, triggering it manually on the device works fine.
However, automatic antivirus updates still work fine.
Sounds like the exact same issue. Do you have Panorama in your environment? We encounter the same issue on Panorama app/threat.
On a few firewalls that have not yet been connected to Panorama, it seems like the content works as well. We did have an issue with it not updating in december, but disabling the schedules (content & av), commiting, enabling the schedules and commiting seemed to resolve the issue.
Yes, Panorama itself has the same issue with content updates. Download and install schedules are pushed from Panorama to devices via template setting.
I am guessing it's somewhat geographical [I am in the UK], and the GOOGLE CDN address I WAS getting would not be the same as say the one for the US. Which may account for it not affecting a wider audience.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!
The Live Community thanks you for your participation!