Dynamic Update download fails with error "Failed to download due to protocol error. Please try again later."
Created On 11/10/20 15:49 PM - Last Modified 06/29/21 23:17 PM
Symptom
- Able to ping updates.paloaltonetworks.com successfully
- Clicking Download on a Dynamic Update gives pop-up error:
Details Failed to download due to protocol error. Please try again later. Failed to download file
- Updater error in configd.log
    > less mp-log configd.log
    2020-11-09 15:20:42.447 -0600 updater error code:-56
    2020-11-09 15:20:42.447 -0600 Error: pan_jobmgr_downloader_thread(pan_job_mgr.c:1744): DOWNLOAD job failed
    2020-11-09 15:20:42.447 -0600 Error: pan_dynupdsch_deploy_at_end_dnld_cb(pan_cfg_dynupdsch.c:2029): pan_dynupdsch_deploy_at_end_dnld_cb(pan_cfg_dynupdsch.c:2029): scheduled-update: Most Recent Content Install download job of Applications and Threats failed
- Failed HTTPS test from CLI for proditpdownloads.paloaltonetworks.com
    > test http-server address proditpdownloads.paloaltonetworks.com protocol HTTPS
    Server error : Connection to: https://proditpdownloads.paloaltonetworks.com:443 failed: Timeout was reached
Environment
- PAN-OS
- Dynamic Updates
Cause
The FQDN proditpdownloads.paloaltonetworks.com was missing from the Security Rule allow list on an upstream device that was filtering URL traffic, so that device blocked the download traffic.
Resolution
Make sure the FQDNs below are added to the address objects in the Security Rule/URL exemption on any upstream device that processes URL traffic. For more information, see Content Delivery Network Infrastructure.
- updates.paloaltonetworks.com
- proditpdownloads.paloaltonetworks.com
- downloads.paloaltonetworks.com
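To confirm the upstream allow list after the change, the following added example (not Palo Alto Networks tooling and not part of the original article) attempts a TCP connection and TLS handshake on port 443 to each FQDN above and reports which ones still fail. It assumes it is run from a host whose traffic crosses the same upstream filtering device; the function names `probe`, `check_all` and `blocked` are illustrative.

```python
import socket
import ssl

# FQDNs listed in the Resolution section of this article.
REQUIRED_FQDNS = (
    "updates.paloaltonetworks.com",
    "proditpdownloads.paloaltonetworks.com",
    "downloads.paloaltonetworks.com",
)


def probe(host, port=443, timeout=5.0, connect=socket.create_connection, wrap=None):
    """Return 'ok', 'dns', 'timeout', 'refused', 'unreachable' or 'tls'.

    connect and wrap are injectable (an assumption of this example) so the
    classification logic can be exercised without network access.
    """
    if wrap is None:
        ctx = ssl.create_default_context()

        def wrap(sock, name):
            return ctx.wrap_socket(sock, server_hostname=name)
    try:
        sock = connect((host, port), timeout)
    except socket.gaierror:
        return "dns"            # name does not resolve
    except socket.timeout:
        return "timeout"        # matches "Timeout was reached" in the Symptom
    except ConnectionRefusedError:
        return "refused"
    except OSError:
        return "unreachable"
    try:
        with wrap(sock, host):  # full TLS handshake with certificate checks
            return "ok"
    except socket.timeout:
        return "timeout"
    except (ssl.SSLError, OSError):
        return "tls"


def check_all(hosts=REQUIRED_FQDNS, **kw):
    """Probe every required FQDN and return {host: status}."""
    return {h: probe(h, **kw) for h in hosts}


def blocked(results):
    """Hosts that did not complete a TLS handshake, in input order."""
    return [h for h, status in results.items() if status != "ok"]


if __name__ == "__main__":
    res = check_all()
    for host, status in res.items():
        print(f"{host:45} {status}")
    raise SystemExit(1 if blocked(res) else 0)
```

A `timeout` result for one FQDN while the others return `ok` reproduces the pattern in this article, where ping to updates.paloaltonetworks.com succeeded but HTTPS to proditpdownloads.paloaltonetworks.com did not.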