Palo Alto Networks Update Server Failed

Users sometimes change the content update URL to static to prevent back-end failures. But this practice doesn’t prevent failures, and because of security posture and rules, should only be used on a specific address. This document offers a recommended updates server configuration.


  • update server configuration is set properly
  • updates are failing on the firewall

Resolution : To receive content updates from the closest server to the Palo Alto Networks device in the Content Delivery Network (CDN) infrastructure:

  1. Click on Device >Setup >Services
  2. Set the update server configuration to

Additional Information
NOTE: To test the connectivity of the firewall to our update servers, admin can use (for troubleshooting purposes only.) If connectivity is successful here, but unsuccessful using, then please open a TAC support case so that we can investigate further with our devops team.

Was this article helpful?

Related Articles

Leave A Comment?