PAN-OS 8.0 Updates

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements
Please sign in to see details of an important advisory in our Customer Advisories area.

PAN-OS 8.0 Updates

L6 Presenter

I've recently upgraded a lab 200 to 8.0 from 6.1.4.

 

After upgrade I couldn't get it to connect out for Software or Dynamic updates, getting an error saying no connectivity basically.

 

I saw the changes about where communication via the mgmt interface has changed, and thought I had accounted for everything correctly, but I guess I must have missed something.

 

I went into the service routes which were set to use default or use management for all and changed the ones for dynamic updates and softwareupdates as well as a few others; hardcoding them to the mgmt interface.  After I commited these changes the box was able to connect out.

 

Then after 30 minutes or so the box has lost external connectivity again.

 

Any thoughts on where I might have something configured incorrectly?  

 

(The PA-200 only has a management connection currently.  It sits behind my corporate 5060 which shows the PAN updates going out.)

7 REPLIES 7

L6 Presenter

l still would start from the cli and try to resolve updates and downloads.paloaltonetorks.com websites. Then if you do have access to the corporate firewall make sure that your lab unit source ip is allowed to get the updates through the 5060 devices.

L6 Presenter

Hi,

 

I had the same issue.

I rebooted the firewall and it started to work fine.

 

After some time it happened again.

 

Regards

 

Trance, thanks for the reply, yeah I've got connectivity out.  

 

 

For some reason URL updates works, but Dynamic Updates and Software Updates aren't working.

 

I honestly feel like this is a bug, but since this is a lab project of mine I don't really have time to open a TAC case to have it worked on.  

 

My hope is what someone sees this, if it isn't already known and it eventually gets fixed on a version update.  I've reloaded the PA-200 multiple times.  Messed around with the service routes.  Re-installed PAN-OS 8.0 even all with the same results.

 

 

 

admin@PA-200> request url-filtering download paloaltonetworks region North-America

PAN-DB update initiated

 

 

admin@PA-200> request url-filtering download status vendor paloaltonetworks

2017-02-24 16:56:34 PAN-DB download: Finished successfully.

 

 

 

 PA-200.JPG

 

PA-200_PAN-DB.JPG

Interesting. Are you able to create a policy on the 5060 with any any (without any profiles) for the source ip of your lab unit and test again?

It's not a security profile issue.  It was working before, using the same profile(s).

Hi,

 

I am just trying to eliminate all possible issues with any other inline devices. Not the best option but reverting back to 7.1.x release probably (should) prove PAN-OS 8.0.0 bug or issue.

I appreciate the responses.  I'll revert back and see how things go.

  • 3574 Views
  • 7 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!