Multiple issues on Dynamic Updates PA-220

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements
Please sign in to see details of an important advisory in our Customer Advisories area.

Multiple issues on Dynamic Updates PA-220

L1 Bithead

Hi Palo Alto Community Team,

 

I'm facing Multiple issues on Dynamic Updates PA-220, the thing is, in our company we have a PA-220 available and with active Premium Support license for all 2023, this FW was restored using factory reset process and get back to PAN-OS 8.0.7 and updated following the order

 

8.0.7 > 8.0.19-h1

 

The FW was updated but now we're receiving an error message when try to update from 8.0.19-h1  to   8.1.0, apparently issue comes on the Dynamic Updates on the FW that stop appearing for 8.0 PAN-OS Version since August 2022, in this case I try to do it manually from the

 

PA CSP -> Updates > Dynamic Updates

 

FW_SoftwareUpdate_Error.jpg

 

But all updates for all categories are from this year 2023, I download and upload manually on the FW the

 

panupv2-all-apps-8687-7932 dated on March 17, 2023

 

But when is loading FW CPU goes over 100% and get an error, although the error when go to

 

Dynamic Updates > Install From File > Package Type > Apps And Threats > panupv2-all-apps-8687-7932 

 

PackagesAvailables.jpg

 

The file appears to be available but when install shows another error.

 

Error_Install_AllApps_86877932.jpg

My question here would be,

1.- ¿Is there a Dynamic Updats Library previous versions of Dynamic updates for previous PAN-OS Version can be downloaded?

2.- ¿Is there any way, using console or WebGui to load directly de PAN-OS 9.1 or higher in order to be able to upgrade the Firewall with a Factory reset ?

Thanks in advance for your answers

3 REPLIES 3

Cyber Elite
Cyber Elite

Hello,

Make sure your management interface can get to the internet without any decryption or inspection policies. Then go to Device->Dynamic Updates. At the bottom, click 'Check Now'. this will have the palo alto reach out to the internet services and grab the latest versions. Once you download and install the App/Threats one, click the check now again and download and install the antivirus ones.

 

Also you can grab a secure config from https://live.paloaltonetworks.com/t5/general-articles/secure-day-one-configuration-not-for-the-faint... .

 

Regards,

 

L1 Bithead

Hi  @OtakarKlier , thanks for your answer.

 

Yes, I have completed the configuration of the device in order to reach internet with the DNS servers, in  this case I have not generated any rule yet, only have the MGMT configuration to be accessed remotely, run a couple CLI tests in order to double check.

 

FW_Device_Services_Config.jpg

 

Using CLI with MGMT IP address as a source as well

 

FW_InternetPingSourceMGMTInt.jpg

Also I was able to obtain a Dynamic Update from other sources

 

panupv2-all-contents-8424-6791

 

Loaded but when try to install it  obtain a differente error, looks like updates are also linked to license as well.

Error_Install_AllContent84246791.jpg

 

In this case Is it possible to install the PAN-OS from a USB and using some recovery or factory mode?, I think that would be the fastest solution

Cyber Elite
Cyber Elite

Hello,

I dont think you need to factory reset it. You need the dynamic updates regardless. I would check the traffic in the logs to see why/if its getting blocked etc.

 

Regards,

  • 1551 Views
  • 3 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!