Failed O365 Updates

cancel
Showing results for 
Search instead for 
Did you mean: 

Failed O365 Updates

L1 Bithead

We have two sites running PA-3020, one site is able to download O365 updates but the second site fails to download and install the updates. Not sure what im supposed to be setting on the 2nd Palo Alto to get this working.

 

They are both running 9.0.12 update

 

4 REPLIES 4

Cyber Elite
Cyber Elite

Hi @ImranRazaq 

Some more informations would be helpful. Like ...

  • Is the security policy the same on both firewalls?
  • Do you have url filtering enabled?
  • Do you have decryption enabled?
  • Did you check the logs if you see something blocked?
  • Did you check locally on a client so see which connection exactly isn't working (to which url)?

I cant seem to locate the security policy which allows traffic to pass through.

URL filtering is enabled on both
Decryption is enabled on the working on and not on the non working one

 

ImranRazaq_0-1623066782119.png

 

Cyber Elite
Cyber Elite

@ImranRazaq,

Since your configuration isn't the same between working and non-working units I would toss the fact that one of your sites is working out of the window. Troubleshoot the same way you would for anything else that is broken and ignore the working site all-together since they aren't actually the same (or at least, your comment makes them seem to not be the same).

 

Take a single "test" client that you can use at the non-working site and enable full logging for that client and take a packet capture of all of the traffic. When the update fails, review the firewall and the packet capture to identify what actually isn't being allowed to pass through the firewall. Chances are you'll see the traffic getting denied in your firewall logs and you won't have to go through the packet capture. 

L1 Bithead

ive ran packet capture on the firewall and getting below results from the wireshark

 

ImranRazaq_0-1623250096326.png

 

ive tried this on the working firewall with the below results

 

ImranRazaq_1-1623250144488.png

 

 

Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!