Enhanced Security Measures in Place: To ensure a safer experience, we’ve implemented additional, temporary security measures for all users.
02-24-2017 11:55 AM
I've recently upgraded a lab 200 to 8.0 from 6.1.4.
After upgrade I couldn't get it to connect out for Software or Dynamic updates, getting an error saying no connectivity basically.
I saw the changes about where communication via the mgmt interface has changed, and thought I had accounted for everything correctly, but I guess I must have missed something.
I went into the service routes which were set to use default or use management for all and changed the ones for dynamic updates and softwareupdates as well as a few others; hardcoding them to the mgmt interface. After I commited these changes the box was able to connect out.
Then after 30 minutes or so the box has lost external connectivity again.
Any thoughts on where I might have something configured incorrectly?
(The PA-200 only has a management connection currently. It sits behind my corporate 5060 which shows the PAN updates going out.)
02-24-2017 12:11 PM - edited 02-25-2017 12:47 AM
l still would start from the cli and try to resolve updates and downloads.paloaltonetorks.com websites. Then if you do have access to the corporate firewall make sure that your lab unit source ip is allowed to get the updates through the 5060 devices.
02-24-2017 03:19 PM
Hi,
I had the same issue.
I rebooted the firewall and it started to work fine.
After some time it happened again.
Regards
02-24-2017 06:29 PM - edited 02-24-2017 06:35 PM
Trance, thanks for the reply, yeah I've got connectivity out.
For some reason URL updates works, but Dynamic Updates and Software Updates aren't working.
I honestly feel like this is a bug, but since this is a lab project of mine I don't really have time to open a TAC case to have it worked on.
My hope is what someone sees this, if it isn't already known and it eventually gets fixed on a version update. I've reloaded the PA-200 multiple times. Messed around with the service routes. Re-installed PAN-OS 8.0 even all with the same results.
admin@PA-200> request url-filtering download paloaltonetworks region North-America
PAN-DB update initiated
admin@PA-200> request url-filtering download status vendor paloaltonetworks
2017-02-24 16:56:34 PAN-DB download: Finished successfully.
02-25-2017 01:18 AM - edited 02-25-2017 03:24 AM
Interesting. Are you able to create a policy on the 5060 with any any (without any profiles) for the source ip of your lab unit and test again?
02-25-2017 01:22 PM
It's not a security profile issue. It was working before, using the same profile(s).
02-25-2017 01:35 PM - edited 02-25-2017 01:36 PM
Hi,
I am just trying to eliminate all possible issues with any other inline devices. Not the best option but reverting back to 7.1.x release probably (should) prove PAN-OS 8.0.0 bug or issue.
02-25-2017 02:15 PM
I appreciate the responses. I'll revert back and see how things go.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
