12-20-2019 09:08 AM
Some of our PA's are failing to get updates with a "generic communication failure"
They go out the same rule on one PA.
The DR site seems to be ok.
DNS and trace route seem fine...
Rob
12-20-2019 09:32 AM
Hmmm this was posted earlier this month, here was the resolution, HTH.
But I found the issue: Some of the update traffic is now classified as "ssl" and not "paloalto-updates". When you try multiple times, it eventually contacts a download server which is classified as "paloalto-updates". With "ssl" added to the rule, it works now instantly and every time. Thanks for your help.
12-20-2019 02:09 PM
Hello,
We also had ours do the same thing. My guess is that it was an issue on PAN's side. However today all of mine are getting updates. Maybe check the traffic logs to see if they are getting blocked on your side? By default they will check from the management port.
Regards,
12-23-2019 12:44 AM
It's working now.
Pulling from "199.167.52.141"
It was failing on "34.84.96.34"
Prior to the issue it seemed to be trying both,
During the issue just trying 34.84....
Now just using 199.167....
So I guess they have a broken repository.
01-10-2020 12:59 AM
So, to hopefully conclude this..
After going back to support a few times, they have finally said that "Senior Resource" has said they are migrating to Google Cloud. And had received reports that users could not connect. etc..
My summary. Failed service migration by PA, nothing to do with our hardware, configuration or internet.
Cheers
Rob
01-10-2020 05:14 AM
I'm having a somewhat similar issue, but this has to do with the schedule itself. For instance, I have App & Threat set to download and install every hour. The schedule runs, and returns (in System Log) "Auto update agent found no new Content updates".
However, if I manually refresh the new updates will appear. On the next schedule the download start and install. I tried this on 2 PA-220's: same schedule and I manually refreshed one of them. And sure enough, the one that I did not manually refresh stayed put on the old content.
This is driving me mad
01-10-2020 05:39 AM
We encounter the same in a global PA deployment.
Automatic content updates dont work anymore, triggering it manually on the device works fine.
However, automatic antivirus updates still work fine.
01-10-2020 05:49 AM
Sounds like the exact same issue. Do you have Panorama in your environment? We encounter the same issue on Panorama app/threat.
On a few firewalls that have not yet been connected to Panorama, it seems like the content works as well. We did have an issue with it not updating in december, but disabling the schedules (content & av), commiting, enabling the schedules and commiting seemed to resolve the issue.
01-10-2020 06:00 AM
Yes, Panorama itself has the same issue with content updates. Download and install schedules are pushed from Panorama to devices via template setting.
01-10-2020 07:05 AM
I am guessing it's somewhat geographical [I am in the UK], and the GOOGLE CDN address I WAS getting would not be the same as say the one for the US. Which may account for it not affecting a wider audience.
Rob
01-10-2020 08:32 AM
Wow, we just noticed this the other day. Since the 12/17 our updates have been failing. Do it manually and it worked fine. I opened a case but they said to restart the management plane.
01-12-2020 11:23 PM
I've restarted a few of the firewalls and also upgrading them to 9.0.4 without any improvement. So I guess restarting the Management plane won't do much good.
01-15-2020 12:09 AM
Seems like our firewalls are acting normally now when it comes to content updates. How about you guys?
01-15-2020 02:26 AM
I don't think we have seen and issue since late December.
Rob
01-16-2020 05:30 AM
Me too. We had 16 out of 18 firewalls not updating, but they all grabbed the last update without a problem.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
