03-31-2023 10:56 AM
Hi Palo Alto Community Team,
I'm facing Multiple issues on Dynamic Updates PA-220, the thing is, in our company we have a PA-220 available and with active Premium Support license for all 2023, this FW was restored using factory reset process and get back to PAN-OS 8.0.7 and updated following the order
8.0.7 > 8.0.19-h1
The FW was updated but now we're receiving an error message when try to update from 8.0.19-h1 to 8.1.0, apparently issue comes on the Dynamic Updates on the FW that stop appearing for 8.0 PAN-OS Version since August 2022, in this case I try to do it manually from the
PA CSP -> Updates > Dynamic Updates
But all updates for all categories are from this year 2023, I download and upload manually on the FW the
panupv2-all-apps-8687-7932 dated on March 17, 2023
But when is loading FW CPU goes over 100% and get an error, although the error when go to
Dynamic Updates > Install From File > Package Type > Apps And Threats > panupv2-all-apps-8687-7932
The file appears to be available but when install shows another error.
My question here would be,
1.- ¿Is there a Dynamic Updats Library previous versions of Dynamic updates for previous PAN-OS Version can be downloaded?
2.- ¿Is there any way, using console or WebGui to load directly de PAN-OS 9.1 or higher in order to be able to upgrade the Firewall with a Factory reset ?
Thanks in advance for your answers
03-31-2023 11:19 AM
Make sure your management interface can get to the internet without any decryption or inspection policies. Then go to Device->Dynamic Updates. At the bottom, click 'Check Now'. this will have the palo alto reach out to the internet services and grab the latest versions. Once you download and install the App/Threats one, click the check now again and download and install the antivirus ones.
Also you can grab a secure config from https://live.paloaltonetworks.com/t5/general-articles/secure-day-one-configuration-not-for-the-faint... .
03-31-2023 05:10 PM
Hi @OtakarKlier , thanks for your answer.
Yes, I have completed the configuration of the device in order to reach internet with the DNS servers, in this case I have not generated any rule yet, only have the MGMT configuration to be accessed remotely, run a couple CLI tests in order to double check.
Using CLI with MGMT IP address as a source as well
Also I was able to obtain a Dynamic Update from other sources
Loaded but when try to install it obtain a differente error, looks like updates are also linked to license as well.
In this case Is it possible to install the PAN-OS from a USB and using some recovery or factory mode?, I think that would be the fastest solution
04-04-2023 02:29 PM
I dont think you need to factory reset it. You need the dynamic updates regardless. I would check the traffic in the logs to see why/if its getting blocked etc.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!