Global Protect Datafile Version mismatch


L2 Linker

I'm working through the process to roll out the Global Protect VPN software to our laptop users - I have three PA boxes, a 2050 and two 2020s - all are running 4.1.3, all have GP gateway licences & client 1.1.4 installed although we only have one portal licence for the 2050 (and so only one portal configured).

I have the portal setup & publishing a profile with all three gateways in it, it appears to work correctly & connect you to the closest gateway - good ! - the next step is to setup the HIP profiles to control which machines are allowed access to the internal network.

I notice that I have different versions of the GP datafile on each box - Dynamic Update is set to check daily & everything else (URL filter, threats etc) are in sync - but the GP datafiles are not. They are updating, but the versions appear to be different for each gateway.

The versions I have are:

2050     1332385291

2020     1332381691

2020     1332183690

- so the question is why are they different, & will that be a problem when I enable the HIP checks ?

Thanks - Nick.

2 REPLIES

L5 Sessionator

Hi SimmSimm,

It looks like there are a couple different sites we pull these data files from. You may need to get a case open for us to fully review it, but my assumption is each site is giving a different data file.

You can run:

> less mp-log avdata.log

-----Example Output

<GlobalProtect xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns="http://www.paloaltonetworks.com/">
<result>New version found.</result>
<file_version>1332460882</file_version>
<lastModified>2012-03-22T17:12:09</lastModified>
<file_location>http://c733.r33.cf1.rackcdn.com/epupdate_hist.140</file_location>
<encryption_key>21728451bcb06c96dab005f3a8ae55450e16114f731ce0a40b6eb292c246ef6a</encryption_key>
</GlobalProtect>

-----Example Output

You can then see which location each device went to and what data file version it pulled down. Perhaps comparing this output on each device will yield some information for you.

I don't think this will cause an issue if you enable HIP checks, because according to the documentation the files just contain a list of vendors.

"The GlobalProtect Data File, located on the Device tab > Dynamic Updates, contains the OPSWAT file that lists the vendors to be used in the HIP object configuration. You must have valid Global Protect Gateway and Portal licensing and configure the Schedule for the downloads before they will occur."

Thanks,

Jason Seals

Jason - thanks - that's useful.

The answer seems to be that the servers are in different timezones & the GP datafile versions seem to be changing hourly:

For the London server in GMT TZ, I see:

<GlobalProtect xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns="http://www.paloaltonetworks.com/">

<result>New version found.</result>
<file_version>1332471712</file_version>
<lastModified>2012-03-22T20:12:08</lastModified>
<file_location>http://c733.r33.cf1.rackcdn.com/epupdate_hist.142</file_location>
<encryption_key>a74d03595fdfc36b0f4df117f303955b1b250669671a1b140881c60da227743b</encryption_key>
</GlobalProtect>
Fri Mar 23 04:05:04 GMT 2012 : update version exist
Fri Mar 23 04:05:04 GMT 2012 : file location http://c733.r33.cf1.rackcdn.com/epupdate_hist.142

For the Europe server in CET TZ I see:

<GlobalProtect xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns="http://www.paloaltonetworks.com/">
<result>New version found.</result>
<file_version>1332468075</file_version>
<lastModified>2012-03-22T19:12:09</lastModified>
<file_location>http://c733.r33.cf1.rackcdn.com/epupdate_hist.141</file_location>
<encryption_key>c6bb1d1662a63d7426f91d3d00b6c68c777bbad5d21f6fee99798d4514965fa0</encryption_key>
</GlobalProtect>
Fri Mar 23 04:05:04 CET 2012 : update version exist
Fri Mar 23 04:05:04 CET 2012 : file location http://c733.r33.cf1.rackcdn.com/epupdate_hist.141

& for the Asia server in HKT I see:

<GlobalProtect xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns="http://www.paloaltonetworks.com/">
<result>New version found.</result>
<file_version>1332442882</file_version>
<lastModified>2012-03-22T12:12:07</lastModified>
<file_location>http://c733.r33.cf1.rackcdn.com/epupdate_hist.135</file_location>
<encryption_key>2f155bda6a20349c1259fce9cedeb554f207bce85b579dfcf0093d4632af94a4</encryption_key>
</GlobalProtect>
Fri Mar 23 04:02:10 HKT 2012 : update version exist
Fri Mar 23 04:02:10 HKT 2012 : file location http://c733.r33.cf1.rackcdn.com/epupdate_hist.135

So I expect that if I set the update to hourly for GP datafile all three should get into sync.

For completeness, the reason that I would like them in sync is that I use Panorama to push a global HIP policy, & appear to have had policy fail to load on one gateway in the past because vendor information that I use in the HIP objects is not available in the version of the datafile on that gateway, but is available on the others.

Thanks - Nick.
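
Added example, not part of the original posts and not Palo Alto Networks code: a script that automates the comparison described in this thread by pulling the last update-check record out of each gateway's avdata.log text and flagging gateways whose datafile version differs from the newest one. The gateway labels, the sample log text (constructed from the values quoted above, with the encryption_key elements omitted) and the rule that a higher file_version is newer are assumptions.

```python
import re
import xml.etree.ElementTree as ET

NS = "{http://www.paloaltonetworks.com/}"
# avdata.log mixes XML records with plain status lines, so cut the records out first.
BLOCK = re.compile(r"<GlobalProtect\b.*?</GlobalProtect>", re.S)

def sample(version, modified, hist):
    """Build a constructed log excerpt shaped like the output quoted in the thread."""
    return (
        '<GlobalProtect xmlns="http://www.paloaltonetworks.com/">\n'
        "<result>New version found.</result>\n"
        f"<file_version>{version}</file_version>\n"
        f"<lastModified>{modified}</lastModified>\n"
        f"<file_location>http://c733.r33.cf1.rackcdn.com/epupdate_hist.{hist}</file_location>\n"
        "</GlobalProtect>\n"
        "Fri Mar 23 04:05:04 GMT 2012 : update version exist\n"
    )

# Hypothetical gateway labels; version values are the ones posted above.
LOGS = {
    "london": sample(1332471712, "2012-03-22T20:12:08", 142),
    "europe": sample(1332468075, "2012-03-22T19:12:09", 141),
    "asia": sample(1332442882, "2012-03-22T12:12:07", 135),
}

def latest_entry(log_text):
    """Return the last update-check record in one gateway's log as a dict, or None."""
    blocks = BLOCK.findall(log_text)
    if not blocks:
        return None
    root = ET.fromstring(blocks[-1])
    return {child.tag.replace(NS, ""): (child.text or "").strip() for child in root}

def drift_report(logs):
    """Return (versions per gateway, newest version, gateways not on the newest)."""
    versions = {}
    for gateway, text in logs.items():
        entry = latest_entry(text)
        if entry and entry.get("file_version", "").isdigit():
            versions[gateway] = int(entry["file_version"])
    newest = max(versions.values(), default=None)  # assumption: higher means newer
    behind = sorted(g for g, v in versions.items() if v != newest)
    return versions, newest, behind

if __name__ == "__main__":
    versions, newest, behind = drift_report(LOGS)
    for gateway, version in sorted(versions.items()):
        print(f"{gateway:8} {version} {'OK' if version == newest else 'BEHIND'}")
```

Running this before a Panorama push of a shared HIP policy shows which gateways may still lack vendor entries that the policy's HIP objects reference.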
