Hello guys, I have a pair of fw on HA and I got a version mismatch after the last update.
Unfortunately I have an issue getting the 2 devices to sync. I am seeing an issue getting updates (software/dynamic) from the Palo Alto updater. I'm getting the following error:
ERROR: "Failed to check upgrade info due to Unsupported protocol. Please check network connectivity and try again."
I have the version mismatch on the following:
App Version Mismatch
Threat Version Mismatch
Antivirus Version Mismatch
Has someone faced and resolved this issue?
Yeah! Unsupported protocol was weird to me as well. I found the resolution; this was done to resolve the issue:
> Management interface was configured under service route for Palo Alto Networks Services.
> DNS was getting resolved without any issues.
> Initiated a ping from management interface to "updates.paloaltonetworks.com" and found that there were DUP ping responses received.
> We then initiated another ping from DP untrust interface and no DUP ping responses were seen.
> Changed the service route to use eth1/1.900 and that fixed the issue.
> Need to do the same change on Secondary device too.
Thanks for your answer :)
Unsupported protocol? That's weird... Is your management plane connecting to the internet via a proxy that's rewriting the SSL cipher suite maybe? Are both firewalls encountering this issue, or just one? You can set "sync to peer" on the one that's successful so it forwards its content packages to the other firewall. Do make sure you set a threshold in your update schedule, to protect you against malformed content packages.