I am very new to Palo Alto and trying to active licence on new PA-850. the devices are already registered on support portal using serial key and authcode.
when i click Retrieve license keys from license server, z dialogbox opens and tells me retrieving licenses from Palo Alto Networks license server. Please wait... and then suddenly dialog box closes, nothing happens and i get following message in system logs.
"Connection to Update server: updates.paloaltonetworks.com completed successfully, initiated by 192.168.137.240"
i have tried both staticupdates.paloaltonetworks.com and updates.paloaltonetworks.com
i cant ping the FQDN but the DNS is ale to resolve it to IP.
Assuming you have checked anything upstream that could be preventing the traffic flow and checked the traffic is being NAT'd correctly leaving your network!.
Might be worth attempting to use service route configuration and use a data port.
If you have configured L3 data ports, set the service route configuration to use the external Layer3 address to source the service, Traffic should be allowed by default (intrazone allow policy - untrust-to-untrust for example)
Normally done for isolated management networks however have had to use this in the past, not sure of the root cause and after updating the firewall, changed back the service route configuration to the mgt port it was successful.
Also doing it this way you can see the traffic in the traffic logs, alternatively if you wanted to go further into troubleshooting the management port:
you'll need to activate your licences using the auth codes
since the log entry indicates your connection was succesfull you don't need to change how you connect to the updates server
Also check the logs to make sure you are not inadvertantly blocking orinspecting the traffic. If you have SSL decryption enabled, you need to allow this traffic to bypass it.
Thanks everyone for your replies
My connection to license server is working fine. Services access is via managment interface and its not passing through any firewall.
@ Reaper, i think this seems to be the issue. Device registration was done by the customer. I just found that the licenses are not correctly activated on the portal. Currently only "Software warranty Support" license is activated.
i will try to activate the feature license with correct auth-code and report back once issue is resolved.
Just wanted to report back on the issues........its Resolved :)
Found the correct auth codes and activated from Firewall directly instaed of portal.....everthing went smooth.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!