https://live.paloaltonetworks.com/t5/general-topics/custom-created-anti-spyware-profiles-not-opening-showing-the/m-p/506323#M105657 <P>I am able to figure out that this is due to threat-Id fetch from threat vault, that is not happening.</P> <P>From show_log_system.txt&nbsp;</P> <P><EM>2022/06/21 12:01:16 medium general general 0 Could not access threat vault</EM></P> <P>Later fixed the connectivity because of service route being used</P> <P>Then from wf_curl.log</P> <P><EM>2.786 +0300 debug: main(pan_wf_curl.c:931): Device Cert Status node not found, not using device certificate for mTLS with AF2022-06-21 10:51:52.786 +0300 Max timeout: 4</EM><BR /><EM>2022-06-21 10:51:52.786 +0300 debug: curl_set_opts(pan_wf_curl.c:280): use_sdb = 0</EM><BR /><EM>2022-06-21 10:51:52.805 +0300 debug: main(pan_wf_curl.c:697): full addr: <A href="https://data.threatvault.paloaltonetworks.com:443/search_by_id" target="_blank">https://data.threatvault.paloaltonetworks.com:443/search_by_id</A></EM><BR /><EM>2022-06-21 10:51:52.806 +0300 debug: main(pan_wf_curl.c:731): dest_addr: data.threatvault.paloaltonetworks.com</EM><BR /><EM>2022-06-21 10:51:53.055 +0300 debug: pan_ssl_cloud_ssl_cb(pan_ssl_curl_utils.c:707): set ssl parameters into curl ssl cb</EM><BR /><EM>2022-06-21 10:51:53.055 +0300 debug: pan_cryptod_sysd_access_key(pan_cryptod_sysd_api.c:1028): Sending GET: id:client-ssl-cert, flag:4 to cryptod</EM><BR /><EM>2022-06-21 10:51:53.056 +0300 debug: pan_cryptod_sysd_access_key(pan_cryptod_sysd_api.c:1037): Send GET msg to cryptod for id:client-ssl-cert successful</EM><BR /><EM>2022-06-21 10:51:53.056 +0300 debug: pan_cryptod_sysd_access_key(pan_cryptod_sysd_api.c:1057): Received (for id:client-ssl-cert), key data (len=1849):</EM><BR /><EM>2022-06-21 10:51:53.056 +0300 debug: pan_cryptod_dump_buf(pan_cryptod_sysd_api.c:749): [xxx] ...</EM><BR /><EM>2022-06-21 10:51:53.056 +0300 debug: pan_cryptod_sysd_access_key(pan_cryptod_sysd_api.c:1028): Sending GET: id:client-ssl-private-key, flag:4 to cryptod</EM><BR /><EM>2022-06-21 10:51:53.057 +0300 debug: pan_cryptod_sysd_access_key(pan_cryptod_sysd_api.c:1037): Send GET msg to cryptod for id:client-ssl-private-key successful</EM><BR /><EM>2022-06-21 10:51:53.057 +0300 debug: pan_cryptod_sysd_access_key(pan_cryptod_sysd_api.c:1057): Received (for id:client-ssl-private-key), key data (len=1857):</EM><BR /><EM>2022-06-21 10:51:53.057 +0300 debug: pan_cryptod_dump_buf(pan_cryptod_sysd_api.c:749): [xxx] ...</EM><BR /><EM>2022-06-21 10:51:53.313 +0300 debug: verify_cb(pan_ssl_curl_utils.c:660): Basic Validation of x509 cert is success </EM><BR /><EM>2022-06-21 10:51:53.313 +0300 debug: pan_wf_cert_verify(pan_ssl_curl_utils.c:584): pan_wf_cert_verify : cert is valid </EM><BR /><EM>2022-06-21 10:51:53.313 +0300 debug: verify_cb(pan_ssl_curl_utils.c:660): Basic Validation of x509 cert is success </EM><BR /><EM>2022-06-21 10:51:53.313 +0300 debug: pan_wf_cert_verify(pan_ssl_curl_utils.c:584): pan_wf_cert_verify : cert is valid </EM><BR /><EM>2022-06-21 10:51:53.313 +0300 debug: verify_cb(pan_ssl_curl_utils.c:660): Basic Validation of x509 cert is success </EM><BR /><EM>2022-06-21 10:51:53.313 +0300 debug: pan_wf_cert_verify(pan_ssl_curl_utils.c:584): pan_wf_cert_verify : cert is valid </EM><BR /><EM>2022-06-21 10:51:53.313 +0300 debug: verify_cb(pan_ssl_curl_utils.c:660): Basic Validation of x509 cert is success </EM><BR /><EM>2022-06-21 10:51:53.313 +0300 debug: pan_wf_cert_verify(pan_ssl_curl_utils.c:584): pan_wf_cert_verify : cert is valid </EM><BR /><EM>2022-06-21 10:51:53.319 +0300 Error: main(pan_wf_curl.c:957): curl error: 35</EM><BR /><EM>2022-06-21 10:51:53.319 +0300 sysd worker 0: shutting down</EM><BR /><EM>2022-06-21 10:51:53.319 +0300 sysd worker 1: shutting down</EM><BR /><EM>2022-06-21 10:51:53.320 +0300 sysd main thread: shutting down</EM><BR /><EM>2022-06-21 10:51:53.320 +0300 debug: destruct_ex_url_token_hash(pan_logdb_indexer_v2.c:6438): destruct_ex_url_token_hash</EM><BR /><EM>2022-06-21 11:00:27.411 +0300 sysd worker[0]: 7f5190286700: starting up...</EM><BR /><EM>2022-06-21 11:00:27.411 +0300 sysd worker[1]: 7f518fe85700: starting up...</EM><BR /><EM>2022-06-21 11:00:29.411 +0300 debug: sysd_queue_sched(sysd_queue.c:672): QUEUE: sysd queue schedule: no connection yet, ignore</EM><BR /><EM>2022-06-21 11:00:29.412 +0300 Sysd Event: SUCCESS</EM><BR /><EM>2022-06-21 11:00:29.412 +0300 connected to sysd</EM></P> <P>&nbsp;</P> Mon, 27 Jun 2022 06:22:58 GMT Zeeshan_Shaheen 2022-06-27T06:22:58Z https://live.paloaltonetworks.com/t5/general-topics/custom-created-anti-spyware-profiles-not-opening-showing-the/m-p/505346#M105656 <P>Hello all</P> <P><STRONG>Model: PA-3220</STRONG></P> <P><STRONG>Firmware version: 10.1.16</STRONG></P> <P>&nbsp;</P> <UL> <LI>I am not able to open some custom-created Anti-Spyware profiles after moving to 10.1.15-h2 from 10.0.X&nbsp; then upgraded to 10.1.16&nbsp;(being a preferred version ). showing the below error.</LI> <LI><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="Zeeshan_Shaheen_1-1655878999153.png" style="width: 400px;"><img src="https://live.paloaltonetworks.com/t5/image/serverpage/image-id/41903i753D0BD5F2F8E6D2/image-size/medium/is-moderation-mode/true?v=v2&amp;px=400" role="button" title="Zeeshan_Shaheen_1-1655878999153.png" alt="Zeeshan_Shaheen_1-1655878999153.png" /></span></LI> <LI><EM>- default &amp; Strict</EM> are there by predefined and are opening perfecty without any issue.</LI> <LI>Created a test policy I am able to open that also.</LI> <LI>Every service had been restarted as the firewall was upgraded.</LI> <LI>Firewall in HA and the passive one shows the same error while checking the same spyware profiles.</LI> <LI>Tried to clone the affected policy and faced the same error.</LI> <LI>Checked the resource usage by <EM>show system resources follow </EM>and checked that there is no significant spike in the any parameter , more precisely %wa</LI> </UL> <P>Do we have any known Bug related to the same?</P> <P>&nbsp;</P> <P>#paloalto #PA-3220</P> Wed, 22 Jun 2022 06:38:20 GMT https://live.paloaltonetworks.com/t5/general-topics/custom-created-anti-spyware-profiles-not-opening-showing-the/m-p/505346#M105656 Zeeshan_Shaheen 2022-06-22T06:38:20Z https://live.paloaltonetworks.com/t5/general-topics/custom-created-anti-spyware-profiles-not-opening-showing-the/m-p/506323#M105657 <P>I am able to figure out that this is due to threat-Id fetch from threat vault, that is not happening.</P> <P>From show_log_system.txt&nbsp;</P> <P><EM>2022/06/21 12:01:16 medium general general 0 Could not access threat vault</EM></P> <P>Later fixed the connectivity because of service route being used</P> <P>Then from wf_curl.log</P> <P><EM>2.786 +0300 debug: main(pan_wf_curl.c:931): Device Cert Status node not found, not using device certificate for mTLS with AF2022-06-21 10:51:52.786 +0300 Max timeout: 4</EM><BR /><EM>2022-06-21 10:51:52.786 +0300 debug: curl_set_opts(pan_wf_curl.c:280): use_sdb = 0</EM><BR /><EM>2022-06-21 10:51:52.805 +0300 debug: main(pan_wf_curl.c:697): full addr: <A href="https://data.threatvault.paloaltonetworks.com:443/search_by_id" target="_blank">https://data.threatvault.paloaltonetworks.com:443/search_by_id</A></EM><BR /><EM>2022-06-21 10:51:52.806 +0300 debug: main(pan_wf_curl.c:731): dest_addr: data.threatvault.paloaltonetworks.com</EM><BR /><EM>2022-06-21 10:51:53.055 +0300 debug: pan_ssl_cloud_ssl_cb(pan_ssl_curl_utils.c:707): set ssl parameters into curl ssl cb</EM><BR /><EM>2022-06-21 10:51:53.055 +0300 debug: pan_cryptod_sysd_access_key(pan_cryptod_sysd_api.c:1028): Sending GET: id:client-ssl-cert, flag:4 to cryptod</EM><BR /><EM>2022-06-21 10:51:53.056 +0300 debug: pan_cryptod_sysd_access_key(pan_cryptod_sysd_api.c:1037): Send GET msg to cryptod for id:client-ssl-cert successful</EM><BR /><EM>2022-06-21 10:51:53.056 +0300 debug: pan_cryptod_sysd_access_key(pan_cryptod_sysd_api.c:1057): Received (for id:client-ssl-cert), key data (len=1849):</EM><BR /><EM>2022-06-21 10:51:53.056 +0300 debug: pan_cryptod_dump_buf(pan_cryptod_sysd_api.c:749): [xxx] ...</EM><BR /><EM>2022-06-21 10:51:53.056 +0300 debug: pan_cryptod_sysd_access_key(pan_cryptod_sysd_api.c:1028): Sending GET: id:client-ssl-private-key, flag:4 to cryptod</EM><BR /><EM>2022-06-21 10:51:53.057 +0300 debug: pan_cryptod_sysd_access_key(pan_cryptod_sysd_api.c:1037): Send GET msg to cryptod for id:client-ssl-private-key successful</EM><BR /><EM>2022-06-21 10:51:53.057 +0300 debug: pan_cryptod_sysd_access_key(pan_cryptod_sysd_api.c:1057): Received (for id:client-ssl-private-key), key data (len=1857):</EM><BR /><EM>2022-06-21 10:51:53.057 +0300 debug: pan_cryptod_dump_buf(pan_cryptod_sysd_api.c:749): [xxx] ...</EM><BR /><EM>2022-06-21 10:51:53.313 +0300 debug: verify_cb(pan_ssl_curl_utils.c:660): Basic Validation of x509 cert is success </EM><BR /><EM>2022-06-21 10:51:53.313 +0300 debug: pan_wf_cert_verify(pan_ssl_curl_utils.c:584): pan_wf_cert_verify : cert is valid </EM><BR /><EM>2022-06-21 10:51:53.313 +0300 debug: verify_cb(pan_ssl_curl_utils.c:660): Basic Validation of x509 cert is success </EM><BR /><EM>2022-06-21 10:51:53.313 +0300 debug: pan_wf_cert_verify(pan_ssl_curl_utils.c:584): pan_wf_cert_verify : cert is valid </EM><BR /><EM>2022-06-21 10:51:53.313 +0300 debug: verify_cb(pan_ssl_curl_utils.c:660): Basic Validation of x509 cert is success </EM><BR /><EM>2022-06-21 10:51:53.313 +0300 debug: pan_wf_cert_verify(pan_ssl_curl_utils.c:584): pan_wf_cert_verify : cert is valid </EM><BR /><EM>2022-06-21 10:51:53.313 +0300 debug: verify_cb(pan_ssl_curl_utils.c:660): Basic Validation of x509 cert is success </EM><BR /><EM>2022-06-21 10:51:53.313 +0300 debug: pan_wf_cert_verify(pan_ssl_curl_utils.c:584): pan_wf_cert_verify : cert is valid </EM><BR /><EM>2022-06-21 10:51:53.319 +0300 Error: main(pan_wf_curl.c:957): curl error: 35</EM><BR /><EM>2022-06-21 10:51:53.319 +0300 sysd worker 0: shutting down</EM><BR /><EM>2022-06-21 10:51:53.319 +0300 sysd worker 1: shutting down</EM><BR /><EM>2022-06-21 10:51:53.320 +0300 sysd main thread: shutting down</EM><BR /><EM>2022-06-21 10:51:53.320 +0300 debug: destruct_ex_url_token_hash(pan_logdb_indexer_v2.c:6438): destruct_ex_url_token_hash</EM><BR /><EM>2022-06-21 11:00:27.411 +0300 sysd worker[0]: 7f5190286700: starting up...</EM><BR /><EM>2022-06-21 11:00:27.411 +0300 sysd worker[1]: 7f518fe85700: starting up...</EM><BR /><EM>2022-06-21 11:00:29.411 +0300 debug: sysd_queue_sched(sysd_queue.c:672): QUEUE: sysd queue schedule: no connection yet, ignore</EM><BR /><EM>2022-06-21 11:00:29.412 +0300 Sysd Event: SUCCESS</EM><BR /><EM>2022-06-21 11:00:29.412 +0300 connected to sysd</EM></P> <P>&nbsp;</P> Mon, 27 Jun 2022 06:22:58 GMT https://live.paloaltonetworks.com/t5/general-topics/custom-created-anti-spyware-profiles-not-opening-showing-the/m-p/506323#M105657 Zeeshan_Shaheen 2022-06-27T06:22:58Z https://live.paloaltonetworks.com/t5/general-topics/custom-created-anti-spyware-profiles-not-opening-showing-the/m-p/506716#M105681 <P>Resolved the issue by fixing the connectivity to&nbsp;<EM><SPAN>&nbsp;</SPAN><A href="https://data.threatvault.paloaltonetworks.com/search_by_id" target="_blank" rel="nofollow noopener noreferrer">https://data.threatvault.paloaltonetworks.com:443/search_by_id</A>&nbsp;&nbsp;</EM>by allowing the same in security policy.</P><P>The issue was due to <EM>curl error: 35&nbsp;</EM>when i clicked on the spyware profile, the firewall was trying to fetch the threat signature in background which was present in botnet exceptions, but due to connection error , it was getting timeout after particular period of time, there was a service route present for paloalto network services therefore i added *.paloaltonetworks.com in the security olicy and allowed it. and it worked fine.</P><P>It is not cool to throw an error that device is not responding.</P> Tue, 28 Jun 2022 13:06:22 GMT https://live.paloaltonetworks.com/t5/general-topics/custom-created-anti-spyware-profiles-not-opening-showing-the/m-p/506716#M105681 Zeeshan_Shaheen 2022-06-28T13:06:22Z