What are the Licensing issues related to Advanced Threat Prevention in PAN-OS 10.2.0 and 10.1.4-h4 and earlier?

What are the Licensing issues related to Advanced Threat Prevention in PAN-OS 10.2.0 and 10.1.4-h4 and earlier?

26311
Created On 03/01/22 21:19 PM - Last Modified 04/19/24 18:50 PM


Question


What are the Licensing issues related to Advanced Threat Prevention in PAN-OS 10.2.0 and 10.1.4-h4 and earlier?

Environment


  • Palo Alto Firewalls
  • PAN-OS 10.2.0 and earlier or PAN-OS 10.1.4-h4 and earlier
  • Advanced Threat Protection (ATP)
  • Licensing

Answer


Three issues have been discovered with ATP licensing in 10.2.0 and 10.1.4-h4 and earlier. 

  • PAN-189361 : Panorama failed to deploy AV content to NGFWs with ATP license
  • PAN-189214 : NGFWs with ATP licenses cannot update AV content through UI
  • PAN-212057 : Advanced Threat Prevention License caused SSL delay



PAN-189361: Panorama failed to deploy AV content to NGFWs with ATP license

Resolution:

The current fixed versions are  PAN-OS 10.2.1, 10.1.5.

Workaround:

  1. Use the WebGUI to download and install the Apps&Threats content package.
  2. Use the Firewall CLI to download and install the anti-virus content package:
> request anti-virus upgrade check
> request anti-virus upgrade install commit yes version latest
  1. Verify the latest AV update by running the following command in the CLI:
> request anti-virus upgrade info
  1. Set antivirus update schedule to align with best practices
> configure
> set deviceconfig system update-schedule anti-virus recurring hourly at 4
> set deviceconfig system update-schedule anti-virus recurring hourly action download-and-install
> commit


PAN-189214: NGFWs with ATP licenses cannot update AV content through UI
Resolution:
The current fixed versions are PAN-OS 10.2.1, 10.1.5, 9.1.15.

Workaround:

  1. Use the WebGUI to download and install the Apps&Threats content package.
  2. Use the CLI to download and install the anti-virus content package:
> request anti-virus upgrade check
> request anti-virus upgrade install commit yes version latest
  1. You can then verify the latest AV update by running the following command in the CLI:
> request anti-virus upgrade info
  1. Set antivirus update schedule to align with best practices
> configure
> set deviceconfig system update-schedule anti-virus recurring hourly at 4
> set deviceconfig system update-schedule anti-virus recurring hourly action download-and-install
> commit

 

PAN-212057: Advanced Threat Prevention License caused SSL delay
Resolution:
The current fixed versions are  PAN-OS 11.0.3, 10.2.5.


References:

Additional Information


This is an issue with the WebGUI for the Anti-Virus content package; not a problem with the ATP license itself.
Other users also viewed:
Actions
  • Print
  • Copy Link

    https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA14u0000004NOKCA2&lang=en_US%E2%80%A9&refURL=http%3A%2F%2Fknowledgebase.paloaltonetworks.com%2FKCSArticleDetail

Choose Language