When pushing the Dynamic Updates from Panorama, the target device does not show in the Devices list

Symptom

- When pushing the Dynamic Updates from Panorama, the target device does not show up in the Devices list.

Environment

- Firewall in an out-of-band environment that does not have access to the Internet.

- The Threat Prevention license was downloaded and manually uploaded to the firewall.

Cause

- This is because Panorama doesn't have the Threat Prevention licenses loaded for the devices it's managing.

- To be able to deploy the Dynamic Updates from Panorama to Firewall devices, Panorama should have valid Threat Prevention licenses installed for the devices it's managing.

- Internet access is required from Panorama to fetch the license status of managed devices.

- Panorama contacts the license server and sends the serial number of each managed Palo Alto Networks device. The license server responds with the licenses for each device.

Resolution

- Make sure Panorama is configured with the update server.

Update Server: updates.paloaltonetworks.com

- Give Panorama Internet access via the management interface. This could require setting a default route and creating a security policy on the upstream firewall to allow access to updates.paloaltonetworks.com.

- Go to Panorama > Device Deployment > Licenses.

- Select Refresh. This will bring up the "Refresh License Deployment" window. Select the device that is not reflecting the correct license status and refresh it.

NOTE: If Panorama does not have access to the Internet, it will not be able to retrieve the license keys, and you will not be able to manually upload them.