Panorama - dynamic updates not working

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements
Please sign in to see details of an important advisory in our Customer Advisories area.

Panorama - dynamic updates not working

L4 Transporter

Software Version 8.0.9

Application Version 8024-474 

 

Panorama VM is not receiving dynamic updates. I have checked traffic is allowed and also license is not expired.

On manual check it is getting this error.

 

image.png

 

image.pngAlso tried updating by directly uploading the file. Apps+Threats file uploaded but gave error below.

image.png

 

Apps file uploaded and it was able to get installed. But i think now Panorama does not have any Threat information.

image.png

4 REPLIES 4

L7 Applicator

For the communication error, the simplest reason is usually that DNS hasn't been set up (or is not reachable). From Panorama's CLI, see if you can get the IP from the ping command. Note that you won't get a response from ping, but you should see the IP resolve:

 

 

> ping host updates.paloaltonetworks.com
PING updates.inap.gslb.paloaltonetworks.com (199.167.52.141) 56(84) bytes of data.
^C
--- updates.inap.gslb.paloaltonetworks.com ping statistics ---
4 packets transmitted, 0 received, 100% packet loss, time 2999ms

As for the manual upload, you can't upload the App+Threat to Panorama since it has no concept of threats for itself. You would need just the App package ("panupv2-all-apps") if you're uploading to it manually.

@gwesson  DNS is setup but as you said PA IP does not respond.

 

Panorama> ping host updates.paloaltonetworks.com
PING updates.inap.gslb.paloaltonetworks.com (199.167.52.141) 56(84) bytes of data.
^C
--- updates.inap.gslb.paloaltonetworks.com ping statistics ---
4 packets transmitted, 0 received, 100% packet loss, time 3004ms

 

image.png

Good deal. 

 

You blocked out the source IP address, so hopefully it's a NAT address. If you're not doing source NAT, then you'll need to do that as well so the responses can be routed back to your Panorama management IP. If the NAT is good, your best bet may be to open a support case. 

TAC case it will be then. Thanks.

  • 3665 Views
  • 4 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!