HELP! Failed to download due to protocol error. Please try again later. updater error code:-28

Reply
Highlighted
L0 Member

HELP! Failed to download due to protocol error. Please try again later. updater error code:-28

I am spinning up a new 820 HA pair and on my last site I am getting an error when downloading the OS and dynamic updates. The other site work fine. I am getting the following error:

 

  • Failed to download due to protocol error. Please try again later.
  • updater error code:-28

Can any one help me out here? Im on 9.0.4 trying to go to 9.1.4

Highlighted
Cyber Elite

Can you manually download 9.1.0 and 9.1.4 and then upload directly to the FW?

 

Thanks

 

 

Help the community: Like helpful comments and mark solutions
Highlighted
L0 Member

I can and have manually uploaded them to both firewalls but that still does not fix the issue. I keep getting Protocol error during the download phase. I was able to pull license and see the newer updates i just cant complete the download process. 

Highlighted
Cyber Elite

Hi Jon

 

If you manually downloaded and uploaded the software, then I am presuming the uploading (and subsequent) rebooting of the FW now puts you at the 9.1 (or whatever version). 

 

I have "presumptions made":

This a new install.

You have a mgmt IP/mask/default GW and that is confirmed.

You are using a public (for testing purposes) DNS of 4.2.2.2 or 8.8.8.8

The mgmt port is not connected to the network via a vlan (meaning the mgmt network is not a vlan network), so all traffic, from mgmt port to Internet is untagged.

 

As this is a new site, what troubleshooting has been performed to confirm this is NOT a network related issue, preventing the updates/downloads?

 

 

In order for you to properly troubleshoot this, clear all system logs from the FW (blank slate).  Next you will need to do a tcpdump on the management interface, while you attempt to do the download of software.    After this, you will go to the support area of the FW and run a tech support file.  This will capture all of your configurations/files/settings/logs, etc.  Finally, it is recommended to open a web case with TAC, with all the files I have described, and let TAC assist you towards resolution.

 

Please advise us as to what you find.

Good Luck!

Help the community: Like helpful comments and mark solutions
Highlighted
Cyber Elite

Hello,

Make sure your management port can access the paloalto update sites. Also make sure you are not inspecting or decrypting that traffic as that will break it as well. Check the traffic logs from the management interface to the internet and it should tell you the problem.

 

Regards,

Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!

The Live Community thanks you for your participation!