Schedule for Dynamic Updates on Panorama does Not Override Configured Schedule on Managed Device

Created On 09/25/18 17:50 PM - Last Modified 11/16/19 02:34 AM


Symptom


The dynamic update schedule configuration (Device > Dynamic Updates) pushed from Panorama to the managed Palo Alto Networks firewall does not show up on the firewall. Instead, the managed device maintains the locally configured schedule for dynamic updates.

  • Dynamic updates scheduled time is locally configured on the managed device.
  • Schedule for dynamic updates is configured on Panorama for the managed device.
  • The configuration is pushed to the managed device.
  • The dynamic updates schedule configured locally on the managed firewall, "Wednesday at 01.02 (download only)", takes precedence over the one pushed from Panorama.

 

 



Environment


  • Any Panorama.
  • Palo Alto Firewall.
  • PAN-OS 7.1 and above.


Cause


A locally defined dynamic updates setting on a managed Palo Alto Networks firewall takes precedence over the setting pushed from Panorama.

Resolution


  1. Set the dynamic updates schedule on the managed firewall to None using the GUI: Device > Dynamic Updates > Schedule (on the appropriate content) > set the Recurrence dropdown to None.
  2. Commit to the firewall.
  3. Push the dynamic updates schedule configured on Panorama again. The schedule on the firewall will now be updated.

 



Additional Information


The CLI commands to set the update schedule on the firewall to None are listed below.
> configure
# delete deviceconfig system update-schedule
# commit force
# exit
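
To find managed firewalls affected by the cause described above before pushing from Panorama, the following added example (not part of the original article and not Palo Alto Networks code) scans an exported firewall configuration for locally defined dynamic update schedules. It assumes the configuration XML mirrors the CLI path deviceconfig system update-schedule and that a Recurrence of None appears as an empty or `<none/>` recurring element; the sample configuration, the hostname and the function name local_update_schedules are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample of a firewall's local configuration export (not from the article).
# Assumption: the XML hierarchy mirrors the CLI path "deviceconfig system update-schedule".
SAMPLE_LOCAL_CONFIG = """
<config><devices><entry name="localhost.localdomain">
  <deviceconfig><system>
    <hostname>fw-branch-01</hostname>
    <update-schedule>
      <threats><recurring><weekly>
        <day-of-week>wednesday</day-of-week>
        <at>01:02</at>
        <action>download-only</action>
      </weekly></recurring></threats>
      <anti-virus><recurring><none/></recurring></anti-virus>
    </update-schedule>
  </system></deviceconfig>
</entry></devices></config>
"""

def local_update_schedules(config_xml):
    """Return {content_type: summary} for each locally scheduled dynamic update."""
    root = ET.fromstring(config_xml)
    found = {}
    for sched in root.iterfind("./devices/entry/deviceconfig/system/update-schedule"):
        for content in sched:
            recurring = content.find("recurring")
            if recurring is None or len(recurring) == 0:
                continue                      # nothing scheduled for this content type
            mode = recurring[0]
            if mode.tag == "none":            # assumed form of Recurrence = None
                continue
            fields = [c.text.strip() for c in mode if c.text and c.text.strip()]
            found[content.tag] = " ".join([mode.tag] + fields)
    return found

if __name__ == "__main__":
    for content, summary in local_update_schedules(SAMPLE_LOCAL_CONFIG).items():
        print(f"{content}: local schedule '{summary}' takes precedence over Panorama")
```

Any content type the function reports still has a local schedule, so the Panorama-pushed schedule will not apply to it until the local one is set to None and committed.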

 

