PA-410 Firewall not fetching dynamic and software updates

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements

PA-410 Firewall not fetching dynamic and software updates

L2 Linker

We have a customer who is not able to fetch software version and dynamic updates

 

In CLI, we checked reachability to updates.paloaltonetworks.com, and we are able to reach and also updates.paloaltonetworks.com address is getting resolved

we then restarted the management server from CLI still no luck .

we then manually added the dynamic updates from portal and manually updated preferred software version 10.2.9-h1, after that we reboot the device, but still firewall is not fetching software updates

We have tried by changing the service route for Palo Alto Updates and restarted device-server but no luck, and also tried by reboot of the firewall still not getting updates .

We checked device certificate and software licences it looks fine

We also tried by unchecking verify update server identity and did commit but no luck 

Device model:- PA-410

Software version:-10.2.9-h1

 

Regards,

Chandrashekhar

3 REPLIES 3

L1 Bithead

I have seen this issue before and it usually (but not always) relates to disk space, recently I resolved this on an HA pair of 3060s by running a CLI command that removes old cached update files and then the content install will work again until disk space is low again... the only way to see this was to use CLI commands to trigger the content install and then do a show job I'd XXXX to view the output and I was able to see a lot of VERY useful into that would have been nice to see in the UI or system logs. I am on a different machine so I do not have access to the command used that allowed the download/install to work right now but try with some of the disk cleanup KBs from PAN to see if that might be the issue. In this particular case there was 1.2Gb free which seems like enough for a 35Mb update file but during the extraction process and scripts it expanded beyond the available space and would fail.

Dear Hafenlabs,

Thanks for your response,

actually disk space is not an issue, it is only 49% full, so lots of space is still available

Cyber Elite
Cyber Elite

Hello,

Check your consolidated logs to see if the traffic is getting blocked, decrypted etc. You should have a security policy to ignore all inspection and do not decrypt the pan updates etc.

 

Regards,

  • 1828 Views
  • 3 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!