1: the firewall has no internet access so you can't activate the unit
2: dynamic updates have to be pulled down and updated manually
I will show you how to tackle items#1 and #2 it's actually quite simple.
1st you need to login to support@paloalto and goto your assets via the device button
Now you can download the individuals keys;
Once you have the files, you will upload them into the security-appliance. The individual files are a hash of some type, so don't modify or edit the files.
These files once upload and activated will allow the assigned feature by going to Device > license ( manual upload ) and activation via the commit . Do each license item one by one.
When this option has completed, you can now push the update package via the Device > Dynamic Updates
The step is broken down into 2 unique functions.
1st you upload the update files into the unit using the Upload option
2nd you install that file using the Install From File option which is to the right of the upload
The unit will now have the activation and the fresh updates if you continually push updates manually. You can confirm the license installed from the device license tab and the status from the dashboard
I could go on and on with many differences, but PAN-OS has always been weaker with network features & overall thru-put with higher latency, but it is light-years ahead of the pack in pure firewall UTM threat detection, and applications controls.
I know of no way to manually push the URL seed file and be careful of dynamic file updates names. Any files with a "(1)" or any other number would be rejected. So try to keep the same named as listed on the support page.
Imho, you want to conduct updates during low peak usage. Also don't forget to commit all changes after uploads and before install from file. If you conduct these methods, you will have hit-less updates.
For AV definition, I found that it's best not to skip a number sequence but YMMV, but it seems AV updates that manually push execute quicker when you follow the sequences.
If xxx-0001 is installed and active, install xxx-0002 for the next AV update and don't try to jump to xxx-0003.
And it should be obvious, but read the "release" note to get the following 1> number of new signatures in the updates and 2> minimum PAN-OS version that's required.
Any factory default resets will wipe out all license and updates. So keep this in mind if you execute a debug system maintenance-mode . Also a reset and re-importing a configuration will NOT re-install the license on a appliance. You will have to have internet access and/or manual re-install licenses and updates.
A request license info from the cli will list all license and expirations
NSE ( network security expert) and Route/Switching Engineer
kfelix -----a----t---- socpuppets ---dot---com
=( @ @ )=