05-02-2020 08:13 AM - edited 05-02-2020 08:15 AM
Hi all
since last night i get alot of erros from wildfire, antivirus updates, content updates...
All sheduled updates and even manual checks from the gui bring up errors.
No HA config.
Problem is on a 3020 and a old 500.
Ping and trace work to eu.wildfire.paloaltonetworks, wildfire.paloaltonetworks and updates.paloaltonetworks
DNS seems to be ok.
System Log shows 'Connection to Update server: updates.paloaltonetworks.com completed successfully, but searching for updates takes a long time and brings up the error again.
Anyone else with these problems?
My mailbox is spammed with warnings from wildfire (sheduled to all 15 min.).
TIA
Karsten
05-05-2020 07:30 AM
WildFire is currently experiencing an issue providing updates through the CDN infrastructure and Palo Alto is currently monitoring a fix that was pushed at 0301 UTC that should address the issue.
I'd recommend that everyone sign up for communications at https://status.paloaltonetworks.com if you haven't already so that you receive outage and maintenance notifications.
05-03-2020 03:50 PM
Have you checked the URL filtering log? Had a similar issue with a customer that enabled "continue" action on a bunch of categories and was intercepting their own update connections
05-04-2020 08:12 AM
Hey Karsten,
We're experiencing the same issue as well, started happening last night same as you.
Checked Wildfire on our 5250 and it's all up to date as of 11 minutes ago (4pm), but it's still continue to spam our email inboxes with the same message "Failed to check upgrade info due to generic communication error". We temporarily turned off URL filtering and it's made no difference whatsoever.
If the issue continues to persist tomorrow I'm thinking about raising up a support case with Palo.
Thanks,
Scott
05-04-2020 09:15 AM
We have been seeing this intermittently across all our firewalls for the past month or so. Occasionally, we see a lot more of these errors than normal and this past weekend was particularly bad. We changed the update URL to one we found in another post and it doesn't seem like it makes a difference so we changed it back. This is affecting our 220, 820 and 3220 models (running 9.0.6)
My guess is that whatever update source Palo is using is either busy or having problems. It is definitely a transient issue and other than email/alert nags, we also seem to get an update at the next attempt. But the last few months have certainly been worse!
05-04-2020 09:28 AM - edited 05-04-2020 09:33 AM
Hi
checked URL Filter. Was not enabled on the rule for PA Updates.
Turned it on now with action alert to get some URL logs.
Not better now.
Sometimes it works but still a lot errors.
The errors showed up in the last month. But only some.
Now i had them every 5 mins.
Since yesterday it´s a bit better and manual search also worked which did not before when i posted my request.
So it seems the problem is not on my or your site but on palo or their download storage (google cloudstorage?)
Thanks so far for all your replies. Lets see if it gets better soon.
05-04-2020 09:31 AM
Ours is set to alert. I can see it in the URL log and all looks good there.
05-05-2020 02:11 AM
Yeah I'm going to open up a case, see what comes through from it. Temporarily disabled the email alerts since it's literally been hammering our inboxes every 5mins.
05-05-2020 06:40 AM
Funnily enough, after raising a case and then re-enabling the email alerts on our firewall to test if the problem still persists, we are not getting spammed anymore.
So case has been closed.
05-05-2020 06:45 AM - edited 05-05-2020 06:45 AM
I left the email notifications on, partly because I wanted to see how big of a problem it was going to be, and also so I had some good data for a support call. I received one notification at 7:09am (Central) from one firewall and have received none since yesterday at 8:00p. I am not sure if something changed on Palo's side, but I agree that the alerts have pretty much stopped in the last 12 hours or so.
05-05-2020 07:30 AM
WildFire is currently experiencing an issue providing updates through the CDN infrastructure and Palo Alto is currently monitoring a fix that was pushed at 0301 UTC that should address the issue.
I'd recommend that everyone sign up for communications at https://status.paloaltonetworks.com if you haven't already so that you receive outage and maintenance notifications.
05-05-2020 08:08 AM
Thank you very much for the info and the link!!!!! This answers the question. In addition to subscribing, I added the RSS feed to our teams infrastructure and we are all receiving notifications.
05-05-2020 10:11 AM
Thanks for the info.
Seems my subsription went away. I was subsribed for status information but did not recieve them.
Subscribed again and will monitor the updates further.
The errors reduced to a minimum during today. Only 2 errors.
Lets see if it falls back to normal behaviour. 😉
cu
05-05-2020 09:15 PM
Many Thanks for the update Bpry.
06-17-2020 01:21 PM
@BPry I am facing the same issue. i have gone through https://status.paloaltonetworks.com/ link but could not find any thing.
Not able to get any information by this website, below is the screenshot for reference.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
