01-05-2026 09:56 PM
Hi All,
Any advice on a possible solution or workaround? All traffic passes through the proxy server. We have already checked the KB below; however, we cannot change the DNS settings because the proxy server is being used as the DNS server.
https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClEpCAK
Model: PA - 3410
Software Version: 11.1.10-h1
Issue: Can't Download Dynamic Update to the current setup
Temporary solution: Manual Dynamic Update using CSP.
01-06-2026 06:11 AM
How is DNS involved in your issue?
Does proxy perform SSL decryption?
Does proxy require authentication?
01-06-2026 05:44 PM
Reviewing the traffic logs, where we can find verbose system logs on why palo alto sent rst for update session when download is triggered?
GUI system shows connection is successful.
01-06-2026 05:55 PM - edited 01-06-2026 06:00 PM
-How is DNS involved in the issue?
[GS] DNS resolution on proxy.
-Does the proxy require authentication?
[GS] No authentication required to proxy.
01-07-2026 09:11 AM
Error states that certificate validation fails.
Most likely DNS works and paloaltonetworks.com FQDNs get resolved but proxy performs ssl decryption and connection fails due Palo not trusting proxy certificate.
Can you bypass Palo mgmt IP accessing *.paloaltonetworks.com from decryption?
01-07-2026 06:11 PM
We are not using the decryption.
01-08-2026 05:18 AM
Error clearly points to certificate validation issue.
So re-check proxy config if it is altering certificate.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
