- Access exclusive content
- Connect with peers
- Share your expertise
- Find support resources
Enhanced Security Measures in Place: To ensure a safer experience, we’ve implemented additional, temporary security measures for all users.
01-31-2012 07:23 PM
So, has anyone run into an issue with downloading Dynamic Updates? We are curently running a pair of PA-4060's in active/passive mode, with PAN-OS Software version 3.1.9. I have configured the firewalls to download only and sync to peer both the Application and Threat signatures everyday at 1800 and the Antivirus signatures every hour on the hour. The URL Filtering signature is configured for download and install everyday at 0100.
Currently, the primary unit shows new content available for both App/Threats and Antivirus. After initiating a download of either, and selecting synchronization with HA Peer, the status goes from "Processing" to "Failed" after a few seconds. The details claim that another download is in progress, and to try again later. Might tis be a bug in the v3.1.9 codebase? We are looking to move up to v4.x.x, but probably in within the next six months. We are able to manually download from the PA website the sig files and manually upload and install them to both appliances without any issues.
Thoughts, ideas, solutions perchance? Thanks.
02-03-2012 02:17 PM
Hello
If your message says a download is in progress, have you been able to go to the CLI and to check for any previously pending downloads?
>Show jobs all
should show you that info.
If you have any pending downloads - check the date and if you find that it is from some time ago, please clear that job ID
> clear job id <jobid #>
Once that is done, try the manual download and if that works and completes, any future downloads should work.
02-01-2012 02:07 AM
Have you tried to manually download the updates and manually upload them to both devices and then commit the updates?
I have seen for the past month or so several similar questions on this forum with failing updates but there is still no official comment (that I have found but I didnt search for that long on the other hand) for why this is happening (my best guess so far is that some update failed big time and for some cases you need to do a manual update to the latest package to get it flowing again).
02-01-2012 04:38 AM
At this time, we are able to manually download and upload the Application and Threats and Antivirus signatures to the primary firewall and perform an HA sync to the secondary firewall. the automatic downloads we have scheduled are inoperative, and manually clicking on the button to initiate a download results in a return message stating there is currently a download in progress and fails. I am very interested to know if this issue is isolated to the 3.1.x code, or also occurs in the 4.x.x code as well.
02-01-2012 07:19 AM
Do you have a DNS server setup in the device configuration?
02-01-2012 08:20 AM
No, I mean go to https://support.paloaltonetworks.com and login. Then in the right menu click on "Dynamic Updates".
Here you can download both the threat & app db along with the url db in a single file to your computer.
Upload then the files needed in the webgui of your PAN devices (Device -> Software if im not mistaken). Then you click on "install from file" (the file(s) must first be uploaded to the PAN before they will show up in the list of "install from file").
02-01-2012 10:53 AM
@its@fscj.edu - Yes, we do have our campus DNS servers defined under the Device tab - Setup.
@mikand - At the moment, the manual download and importation of the signature files from the https://support.paloaltonetworks.com web portal is the only way we can update signatures. What is broken is under the Device tab, Dynamic Updates link on the left pane of the page, and the scheduled options to check and/or download the latest signature files.
02-03-2012 02:17 PM
Hello
If your message says a download is in progress, have you been able to go to the CLI and to check for any previously pending downloads?
>Show jobs all
should show you that info.
If you have any pending downloads - check the date and if you find that it is from some time ago, please clear that job ID
> clear job id <jobid #>
Once that is done, try the manual download and if that works and completes, any future downloads should work.
02-03-2012 02:40 PM
@sjamalluddin - that turned out to be the fix. You beat me to posting it, but thank you and everyone else for taking the time out to assist me with this issue. It looks like the 4.1.x code has a option where it will allow you to monitor jobs and their status from the gui. Everyone have a great weekend!!
02-03-2012 03:39 PM
There is a fix for the download process showing pending status for a long time in 4.1.2 and 4.0.8.With the fix the previous workaround is not needed.
Thank
02-07-2012 01:52 PM
Any chance of that fix being ported to 3.1?
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!