Scheduled Dynamic Updates having download and install issues
Symptom
- Dynamic Updates are set to download, or download and install on a schedule.
- The firewall can reach the update server, and manual updates work normally.
- Threshold interval defined for Dynamic Updates
Example
Schedule for antivirus updates is configured with the 'Threshold' set to 48 hours.
Note: Underneath the Threshold value the mentioned 'Content must be at least this many hours old for any action to be taken'
Environment
- PAN-OS 8.x / 9.x
- Dynamic Updates
Cause
Antivirus updates are released on a daily basis:
The following error is observed on the log-file ms.log:
admin@pan> grep after-context 1 before-context 11 pattern "threshold=" mp-log ms.log
--2015-03-05 01:00:01-- https://updates.paloaltonetworks.com/Updates/UpdateService2.asmx/CheckForVirusUpdate
Resolving updates.paloaltonetworks.com... 199.167.52.13
Connecting to updates.paloaltonetworks.com|199.167.52.13|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: 4432 (4.3K) [text/xml]
Saving to: `/tmp/.avinfo.xml.10073.tmp'
0K 100% 11.2M=0s
2015-03-05 01:00:02 (11.2 MB/s) - `/tmp/.avinfo.xml.10073.tmp' saved [4432/4432]
2015-03-05 01:00:02.886 -0500 Content time below threshold 2015/03/04 04:00:02 threshold=48 diff=18
2015-03-05 01:00:02.886 -0500 No new Antivirus updates available for download
Description of Behavior
The hours value under 'Threshold' is a setting that checks the 'maturity' of the *latest* available package. Note that it is not checking the list to find the "next one over" that is at least '48' hours older (so that you could skip updates). The way that the example above is set up (48 hours), would therefore prevent *any* update from deploying.
The reason for this is that the frequency of the antivirus releases is daily (every 24 hours), therefore, the maturity (Threshold) would have to be set to anything less than 24 hours.