How to test connectivity to updates servers when ICMP is blocked?

How to test connectivity to updates servers when ICMP is blocked?

8088
Created On 01/20/21 09:35 AM - Last Modified 06/04/24 19:17 PM


Objective


How to test connectivity between the Palo Alto Firewall management interface and update servers when 
ICMP is blocked?
 

Environment


  • Palo Alto Firewalls
  • PAN-OS 11.x and above

Procedure


  1. CLI command "test http-server" can be used to initiate and test a HTTPS (SSL) connection to update server or any network server.
test http-server port <1-65535>  protocol HTTPS address <IP address or FQDN>

Example for update server:
admin@PA-FW> test http-server port 443 protocol HTTPS address updates.paloaltonetworks.com
Connection to: https://updates.paloaltonetworks.com:443 succeeded
  1. Other options like tls-versioncertificate-profile can be used as well.

Additional Information


HTTP connection to servers can also be tested using the HTTP option.
test http-server port <1-65535> protocol HTTP address <IP address or FQDN>
Other users also viewed:
Actions
  • Print
  • Copy Link

    https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA14u000000HCScCAO&lang=en_US&refURL=http%3A%2F%2Fknowledgebase.paloaltonetworks.com%2FKCSArticleDetail