PAN-OS 9 - Wildfire Updates skipping; claiming that a newer version already is installed

pan219 · ‎02-13-2019

I have upgraded to PAN-OS 9 yesterday, so far without 'bigger' issues, except:

EDL updates keep failing, claiming that the downloaded file is not a ext file thus using the old version
-> interim fix was to remove the checkmark "block unknown certificate status" on the certificate profile for the EDLs
NTP updates keep failing without further info, just a log entry notifying about the fact
and the worst bit: Wildfire updates always have to be installed manually now. I have not found a solution to this.

See attached pics re Wildfire.

OtakarKlier · ‎02-13-2019

Hello,

I would make sure that no traffic is being blokced with regards to this traffic. If nothing is, I would open a support case. There are quite a few defects in this release that are known and maybe this is a new unknown.

Regards,

pan219 · ‎02-13-2019

the setup has been working flawless under 8.x.x

I have disabled ssl inspection on the interface used by the pan to grab edls and the pan updates, same result. the ntp I have switched to an internal one, same result. error category is auth, error message says ntp sync to server fail, authentication type none. it's a plain vanilla ntp server.

one wildfire update has succeeded in the last hour, since then I am receiving the error messages above.

what a rollercoaster ride.

OtakarKlier · ‎02-13-2019

Would rolling back to the previous code work for your environment? I would even contact suppor and ask their assistance. Honestly they might have released 9 but I would wait until at least 9.0.3 or .4 until moving to it unless there is a feature you truly need.

pan219 · ‎02-13-2019

I have kept a backup of the 8.0.16 configuration to roll back just in case. It's not a production device, just running on my home network, so not a big deal tbh.

OtakarKlier · ‎02-13-2019

Phew, good on you for testing prior to production :). The config should remain the same, you just need to have 8.0.0 code downloaded as well as 8.0.16.

Good luck!

pan219 · ‎02-13-2019

for my home network it's the "production device", so make or break :) but I never would roll out any updates to a corporate device this fast.

nextgenhappiness · ‎02-16-2019

Are you still seeing the error? I have not getting those errors for 2 days now..

E

pan219 · ‎02-17-2019

I have rolled back to 8.1.6 as I was not able to get this solved, but as long as I have been on 9.0 those error have been prevalent.

nextgenhappiness · ‎02-17-2019

Thanks for getting back to me. I have not getting any wildfire update error anymore. I am hoping PAN fixed on the updated file packaging...

PAN-OS 9 - Wildfire Updates skipping; claiming that a newer version already is installed