PAN-OS 8.0 Updates

Announcements

ATTENTION Customers, All Partners and Employees: The Customer Support Portal (CSP) will be undergoing maintenance and unavailable on Saturday, November 7, 2020, from 11 am to 11 pm PST. Please read our blog for more information.

Reply
Highlighted
Cyber Elite

PAN-OS 8.0 Updates

I've recently upgraded a lab 200 to 8.0 from 6.1.4.

 

After upgrade I couldn't get it to connect out for Software or Dynamic updates, getting an error saying no connectivity basically.

 

I saw the changes about where communication via the mgmt interface has changed, and thought I had accounted for everything correctly, but I guess I must have missed something.

 

I went into the service routes which were set to use default or use management for all and changed the ones for dynamic updates and softwareupdates as well as a few others; hardcoding them to the mgmt interface.  After I commited these changes the box was able to connect out.

 

Then after 30 minutes or so the box has lost external connectivity again.

 

Any thoughts on where I might have something configured incorrectly?  

 

(The PA-200 only has a management connection currently.  It sits behind my corporate 5060 which shows the PAN updates going out.)

Highlighted
L6 Presenter

l still would start from the cli and try to resolve updates and downloads.paloaltonetorks.com websites. Then if you do have access to the corporate firewall make sure that your lab unit source ip is allowed to get the updates through the 5060 devices.

Highlighted
L6 Presenter

Hi,

 

I had the same issue.

I rebooted the firewall and it started to work fine.

 

After some time it happened again.

 

Regards

 

Highlighted
Cyber Elite

Trance, thanks for the reply, yeah I've got connectivity out.  

 

 

For some reason URL updates works, but Dynamic Updates and Software Updates aren't working.

 

I honestly feel like this is a bug, but since this is a lab project of mine I don't really have time to open a TAC case to have it worked on.  

 

My hope is what someone sees this, if it isn't already known and it eventually gets fixed on a version update.  I've reloaded the PA-200 multiple times.  Messed around with the service routes.  Re-installed PAN-OS 8.0 even all with the same results.

 

 

 

admin@PA-200> request url-filtering download paloaltonetworks region North-America

PAN-DB update initiated

 

 

admin@PA-200> request url-filtering download status vendor paloaltonetworks

2017-02-24 16:56:34 PAN-DB download: Finished successfully.

 

 

 

 PA-200.JPG

 

PA-200_PAN-DB.JPG

Highlighted
L6 Presenter

Interesting. Are you able to create a policy on the 5060 with any any (without any profiles) for the source ip of your lab unit and test again?

Highlighted
Cyber Elite

It's not a security profile issue.  It was working before, using the same profile(s).

Highlighted
L6 Presenter

Hi,

 

I am just trying to eliminate all possible issues with any other inline devices. Not the best option but reverting back to 7.1.x release probably (should) prove PAN-OS 8.0.0 bug or issue.

Highlighted
Cyber Elite

I appreciate the responses.  I'll revert back and see how things go.

Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!

The Live Community thanks you for your participation!