Unable to Update License from the License Server

Announcements

Changes to the LIVEcommunity experience are coming soon... Here's what you need to know.

Reply
zebust
L1 Bithead

Unable to Update License from the License Server

Hi,

 

I am very new to Palo Alto and trying to active licence on  new PA-850. the devices are already  registered on support portal using serial key and authcode.

 

when i click Retrieve license keys from license server, z dialogbox opens and tells me retrieving licenses from Palo Alto Networks license server. Please wait...  and then suddenly dialog box closes, nothing happens and i get following message in system logs.

 

"Connection to Update server: updates.paloaltonetworks.com completed successfully, initiated by 192.168.137.240"

 

 

i have tried both staticupdates.paloaltonetworks.com  and updates.paloaltonetworks.com

 

i cant ping the FQDN but the DNS is ale to resolve it to IP.

 

 

Regards

TranceforLife
L6 Presenter

From the log, everything is looking good. Did you refresh the screen in order to reflect teh changes? Did you activate support licenses? 

Ben-W
L2 Linker

Hi Zebust,

 

Assuming you have checked anything upstream that could be preventing the traffic flow and checked the traffic is being NAT'd correctly leaving your network!.

 

Might be worth attempting to use service route configuration and use a data port.

https://live.paloaltonetworks.com/t5/Configuration-Articles/Setting-a-Service-Route-for-Services-to-...

 

If you have configured L3 data ports, set the service route configuration to use the external Layer3 address to source the service, Traffic should be allowed by default (intrazone allow policy - untrust-to-untrust for example)

Normally done for isolated management networks however have had to use this in the past, not sure of the root cause and after updating the firewall, changed back the service route configuration to the mgt port it was successful.

 

Also doing it this way you can see the traffic in the traffic logs, alternatively if you wanted to go further into troubleshooting the management port:

https://live.paloaltonetworks.com/t5/Management-Articles/How-To-Packet-Capture-tcpdump-On-Management...

 

Regards,

Ben

 

 

reaper
L7 Applicator

you'll need to activate your licences using the auth codes

since the log entry indicates your connection was succesfull you don't need to change how you connect to the updates server

Tom Piens - PANgurus.com
Like my answer? check out my book! amazon.com/dp/1789956374
OtakarKlier
Cyber Elite

Hello,

Also check the logs to make sure you are not inadvertantly blocking orinspecting the traffic. If you have SSL decryption enabled, you need to allow this traffic to bypass it.

 

Regards,

zebust
L1 Bithead

Thanks everyone for your replies

 

My connection to license server is working fine. Services access is via managment interface and its not passing through any firewall.  

 

@ Reaper, i think this seems to be the issue. Device registration was done by the customer. I just found that the licenses are not correctly activated on the portal.  Currently only "Software warranty Support" license is activated.

 

i will try to activate the feature license with correct auth-code and report back once issue is resolved.

 

 

Regards

zebust
L1 Bithead

Just wanted to report back on the issues........its Resolved :)

 

Found the correct auth codes and activated from Firewall directly instaed of portal.....everthing went smooth.

 

Thanks everyone

 

 

 

 

Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!