Failed to download dynamic update file with error "Failed to download due to protocol error"
35609
Created On 03/11/22 22:32 PM - Last Modified 03/11/22 23:16 PM
Symptom
Firewall is able to connect to Update server but failed to download dynamic update files
- Firewall system log indicating connection to updates.paloaltonetworks.com is successful
- However, the download job FAIL with "protocol error" message.
Enqueued Dequeued ID Type Status Result Completed
------------------------------------------------------------------------------------------------------------------------------
2022/03/11 12:40:05 12:40:05 10 Downld FIN FAIL 12:40:28
Warnings:
Details:Failed to download due to protocol error. Please try again later.
Failed to download file
Environment
Firewall
Panorama
Content update (Antivirus, Application and Threats, Wildfire)
Cause
Firewall communication (tcp/443) to download server(s) (ie: proditpdownloads.paloaltonetworks.com or downloads.paloaltonetworks.com) is being denied by firewall rule between source IP and download server(s).
Note: If session logging is enabled on relevant firewall policy, it would show the attempted session to proditpdownloads.paloaltonetworks.com or downloads.paloaltonetworks.com server is being denied by firewall rule.
Resolution
To download dynamic update files, firewall needs to be able to establish (tcp/443) connections to following destination servers (URLs)
- updates.paloaltonetworks.com
- proditpdownloads.paloaltonetworks.com
- downloads.paloaltonetworks.com
If the communication between firewall to update server is going through a firewall security policy with limited access, please include following Destination FQDNs or URLs on the relevant security policy to be allowed.
- updates.paloaltonetworks.com
- proditpdownloads.paloaltonetworks.com
- downloads.paloaltonetworks.com
Additional Information
Please refer to following "Content Delivery Network Infrastructure" documentation for additional information.
- Content Delivery Network Infrastructure