Unable to download Dynamic Updates/

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Unable to download Dynamic Updates/

Not applicable

So, has anyone run into an issue with downloading Dynamic Updates? We are curently running a pair of PA-4060's in active/passive mode, with PAN-OS Software version 3.1.9. I have configured the firewalls to download only and sync to peer both the Application and Threat signatures everyday at 1800 and the Antivirus signatures every hour on the hour. The URL Filtering signature is configured for download and install everyday at 0100.

Currently, the primary unit shows new content available for both App/Threats and Antivirus. After initiating a download of either, and selecting synchronization with HA Peer, the status goes from "Processing" to "Failed" after a few seconds. The details claim that another download is in progress, and to try again later. Might tis be a bug in the v3.1.9 codebase? We are looking to move up to v4.x.x, but probably in within the next six months. We are able to manually download from the PA website the sig files and manually upload and install them to both appliances without any issues.

Thoughts, ideas, solutions perchance? Thanks.

1 accepted solution

Accepted Solutions

Hello

If your message says a download is in progress, have you been able to go to the CLI and to check for any previously pending downloads?

>Show jobs all

should show you that info.

If you have any pending downloads - check the date and if you find that it is from some time ago, please clear that job ID

> clear job id <jobid #>

Once that is done, try the manual download and if that works and completes, any future downloads should work.

View solution in original post

9 REPLIES 9

L6 Presenter

Have you tried to manually download the updates and manually upload them to both devices and then commit the updates?

I have seen for the past month or so several similar questions on this forum with failing updates but there is still no official comment (that I have found but I didnt search for that long on the other hand) for why this is happening (my best guess so far is that some update failed big time and for some cases you need to do a manual update to the latest package to get it flowing again).

At this time, we are able to manually download and upload the Application and Threats and Antivirus signatures to the primary firewall and perform an HA sync to the secondary firewall. the automatic downloads we have scheduled are inoperative, and manually clicking on the button to initiate a download results in a return message stating there is currently a download in progress and fails. I am very interested to know if this issue is isolated to the 3.1.x code, or also occurs in the 4.x.x code as well.

Do you have a DNS server setup in the device configuration?

No, I mean go to https://support.paloaltonetworks.com and login. Then in the right menu click on "Dynamic Updates".

Here you can download both the threat & app db along with the url db in a single file to your computer.

Upload then the files needed in the webgui of your PAN devices (Device -> Software if im not mistaken). Then you click on "install from file" (the file(s) must first be uploaded to the PAN before they will show up in the list of "install from file").

Not applicable

@its@fscj.edu - Yes, we do have our campus DNS servers defined under the Device tab - Setup.

@mikand - At the moment, the manual download and importation of the signature files from the https://support.paloaltonetworks.com web portal is the only way we can update signatures. What is broken is under  the Device tab, Dynamic Updates link on the left pane of the page, and the scheduled options to check and/or download the latest signature files.

Hello

If your message says a download is in progress, have you been able to go to the CLI and to check for any previously pending downloads?

>Show jobs all

should show you that info.

If you have any pending downloads - check the date and if you find that it is from some time ago, please clear that job ID

> clear job id <jobid #>

Once that is done, try the manual download and if that works and completes, any future downloads should work.

@sjamalluddin - that turned out to be the fix. You beat me to posting it, but thank you and everyone else for taking the time out to assist me with this issue. It looks like the 4.1.x code has a option where it will allow you to monitor jobs and their status from the gui. Everyone have a great weekend!!

There is a fix for the download process showing pending status for a long time in 4.1.2 and 4.0.8.With the fix the previous workaround is not needed.

Thank

Any chance of that fix being ported to 3.1?

  • 1 accepted solution
  • 13919 Views
  • 9 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!