SCP Dynamic updates

L0 Member

Hi Community,

Our setup follows the steps outlined in the Palo Alto article: Install Updates Automatically for Panorama Without an Internet Connection.

Here’s the issue:

  • The Panorama with an internet connection successfully downloads updates and uploads them to the SCP server.
  • The Panorama without an internet connection pulls updates from the SCP server.
  • The application and threats update fails validation and is not pushed to the managed firewall.
  • The Antivirus and WildFire updates are successfully pushed to the managed firewall.

From the logs, I see that after downloading the update, Panorama tries to reach the update server configured under Panorama → Setup → Services → Update Server on port 443 for validating the update. Of course, this fails since there is no internet connection anymore and it looks like something odd.

I set the SCP server as the update server, but how is it supposed to listen on port 443? I even tried forcing the SCP URL with :22 (e.g., scp.url:22), but it didn’t resolve the issue.

Has anyone encountered a similar issue, or could someone clarify how to properly configure the update server in this case? I tried to raise a TAC case, but we are running in circles without a solution.

Any suggestions would be greatly appreciated!


L4 Transporter

Hello @MarcoMancini 

 

I would advise working on it with a TAC engineer.

I mean in the TAC case you would share the TSF from the inner and the outer panorama, so the TAC engineer can review the configuration and the data.

Olivier

PCSNE - CISSP

Best Effort contributor

Check out our PANCast Channel

Disclaimer : All messages are my personal ones and do not represent my company's view in any way.

L0 Member

 

Hi @ozheng 
Thanks for your suggestion. I opened a TAC case two weeks ago, but progress has been slow, so I posted here for additional input.

TAC recommended manually uploading the latest content update to the air-gapped Panorama. While this is feasible, it’s not currently possible due to the time-intensive approval process for importing external files. Honestly, I don’t fully understand the point of the manual upload in this situation.

I also suspect the issue might be with the SCP server, as I’ve read in some discussions that Panorama can have compatibility issues with Windows-based SCP servers (and we have a Windows SCP server). This could potentially affect the checksum, but I’m speculating since TAC support hasn’t been very helpful so far.

Marco

Hello @MarcoMancini 

 

Sorry I could not update on the post directly. 

 

Olivier

PCSNE - CISSP

Best Effort contributor

Check out our PANCast Channel

Disclaimer : All messages are my personal ones and do not represent my company's view in any way.
