- Access exclusive content
- Connect with peers
- Share your expertise
- Find support resources
11-09-2020 12:40 PM
I am spinning up a new 820 HA pair and on my last site I am getting an error when downloading the OS and dynamic updates. The other site work fine. I am getting the following error:
Can any one help me out here? Im on 9.0.4 trying to go to 9.1.4
11-09-2020 02:39 PM
Can you manually download 9.1.0 and 9.1.4 and then upload directly to the FW?
Thanks
11-10-2020 06:59 AM
I can and have manually uploaded them to both firewalls but that still does not fix the issue. I keep getting Protocol error during the download phase. I was able to pull license and see the newer updates i just cant complete the download process.
11-11-2020 04:22 AM - edited 11-11-2020 04:24 AM
Hi Jon
If you manually downloaded and uploaded the software, then I am presuming the uploading (and subsequent) rebooting of the FW now puts you at the 9.1 (or whatever version).
I have "presumptions made":
This a new install.
You have a mgmt IP/mask/default GW and that is confirmed.
You are using a public (for testing purposes) DNS of 4.2.2.2 or 8.8.8.8
The mgmt port is not connected to the network via a vlan (meaning the mgmt network is not a vlan network), so all traffic, from mgmt port to Internet is untagged.
As this is a new site, what troubleshooting has been performed to confirm this is NOT a network related issue, preventing the updates/downloads?
In order for you to properly troubleshoot this, clear all system logs from the FW (blank slate). Next you will need to do a tcpdump on the management interface, while you attempt to do the download of software. After this, you will go to the support area of the FW and run a tech support file. This will capture all of your configurations/files/settings/logs, etc. Finally, it is recommended to open a web case with TAC, with all the files I have described, and let TAC assist you towards resolution.
Please advise us as to what you find.
Good Luck!
11-12-2020 03:00 PM
Hello,
Make sure your management port can access the paloalto update sites. Also make sure you are not inspecting or decrypting that traffic as that will break it as well. Check the traffic logs from the management interface to the internet and it should tell you the problem.
Regards,
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!