Error:
An unexpected error occurred. Please click Reload to try again.
Error:
An unexpected error occurred. Please click Reload to try again.
What are the Licensing issues related to Advanced Threat Preven... - Knowledge Base - Palo Alto Networks

What are the Licensing issues related to Advanced Threat Prevention in PAN-OS 10.2.0 and 10.1.4-h4 and earlier?

34351
Created On 03/01/22 21:19 PM - Last Modified 04/19/24 18:50 PM


Question


What are the Licensing issues related to Advanced Threat Prevention in PAN-OS 10.2.0 and 10.1.4-h4 and earlier?

Environment


  • Palo Alto Firewalls
  • PAN-OS 10.2.0 and earlier or PAN-OS 10.1.4-h4 and earlier
  • Advanced Threat Protection (ATP)
  • Licensing

Answer


Three issues have been discovered with ATP licensing in 10.2.0 and 10.1.4-h4 and earlier. 

  • PAN-189361 : Panorama failed to deploy AV content to NGFWs with ATP license
  • PAN-189214 : NGFWs with ATP licenses cannot update AV content through UI
  • PAN-212057 : Advanced Threat Prevention License caused SSL delay



PAN-189361: Panorama failed to deploy AV content to NGFWs with ATP license

Resolution:

The current fixed versions are  PAN-OS 10.2.1, 10.1.5.

Workaround:

  1. Use the WebGUI to download and install the Apps&Threats content package.
  2. Use the Firewall CLI to download and install the anti-virus content package:
> request anti-virus upgrade check
> request anti-virus upgrade install commit yes version latest
  1. Verify the latest AV update by running the following command in the CLI:
> request anti-virus upgrade info
  1. Set antivirus update schedule to align with best practices
> configure
> set deviceconfig system update-schedule anti-virus recurring hourly at 4
> set deviceconfig system update-schedule anti-virus recurring hourly action download-and-install
> commit


PAN-189214: NGFWs with ATP licenses cannot update AV content through UI
Resolution:
The current fixed versions are PAN-OS 10.2.1, 10.1.5, 9.1.15.

Workaround:

  1. Use the WebGUI to download and install the Apps&Threats content package.
  2. Use the CLI to download and install the anti-virus content package:
> request anti-virus upgrade check
> request anti-virus upgrade install commit yes version latest
  1. You can then verify the latest AV update by running the following command in the CLI:
> request anti-virus upgrade info
  1. Set antivirus update schedule to align with best practices
> configure
> set deviceconfig system update-schedule anti-virus recurring hourly at 4
> set deviceconfig system update-schedule anti-virus recurring hourly action download-and-install
> commit

 

PAN-212057: Advanced Threat Prevention License caused SSL delay
Resolution:
The current fixed versions are  PAN-OS 11.0.3, 10.2.5.


References:

Additional Information


This is an issue with the WebGUI for the Anti-Virus content package; not a problem with the ATP license itself.
Other users also viewed:
How to download GlobalProtect from the Customer Support Portal
Download and Install the GlobalProtect App for Windows
Resource List: GlobalProtect Configuring and Troubleshooting
PAN-OS Software Updates
Where to find the current preferred software versions? (PAN-OS, GlobalProtect, User-ID Agent, Plugins)
Results 1-5 of 238,860
Actions
  • Print
  • Copy Link

    https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA14u0000004NOKCA2&lang=en_US&refURL=http%3A%2F%2Fknowledgebase.paloaltonetworks.com%2FKCSArticleDetail

Choose Language