Symptom
Users sometimes change the content update URL to static to prevent back-end failures. But this practice doesn’t prevent failures, and because of security posture and rules, should only be used on a specific address. This document offers a recommended updates server configuration.
Environment
- update server configuration is set properly
- updates are failing on the firewall
Resolution : To receive content updates from the closest server to the Palo Alto Networks device in the Content Delivery Network (CDN) infrastructure:
- Click on Device >Setup >Services
- Set the update server configuration to updates.paloaltonetworks.com
Additional Information
NOTE: To test the connectivity of the firewall to our update servers, admin can use staticupdates.paloaltonetworks.com (for troubleshooting purposes only.) If connectivity is successful here, but unsuccessful using updates.paloaltonetworks.com, then please open a TAC support case so that we can investigate further with our devops team.
Leave A Comment?