https://live.paloaltonetworks.com/t5/general-topics/are-edls-updating-from-passive-device/m-p/374011#M88995 <P>Are you seeing the "Unable to fetch external dynamic list. Couldn't connect to server. Using old copy for refresh." only on the passive device, and does the MGMT IP of the passive device have connectivity to your Minemeld URL?</P><P>As you're stating that manually forcing an update I'm assuming that it does, however I might be interpreting your scenario sketch wrongly. &nbsp;</P><P>&nbsp;</P><P>What we've seen with some of our customers is that the error "Unable to fetch external dynamic list. Couldn't connect to server. Using old copy for refresh." at times is shown on the active device when there are no new or removed IP addresses on the EDL instead of a "Succesfully connected, no changes to the list were detected, using old copy" message.</P><P>With a manual refresh you force out the old EDL information and it would be expected to see that it updated successfully.</P><P>&nbsp;</P><P>Could be a simple issue of wrong error code shown but still might be worth making a case with TAC to confirm this is the case.</P> Sat, 12 Dec 2020 14:13:05 GMT Retired Member 2020-12-12T14:13:05Z https://live.paloaltonetworks.com/t5/general-topics/are-edls-updating-from-passive-device/m-p/373673#M88947 <P><SPAN>Dear community,</SPAN></P><P>&nbsp;</P><P><SPAN>We´ve configured a couple of external dynamic list (IP and URL) on a local minemeld server and the passive device fails to fetch those lists. </SPAN></P><P>&nbsp;</P><P><SPAN>Error obtained is:&nbsp;"Unable to fetch external dynamic list. Couldn't connect to server. Using old copy for refresh."</SPAN></P><P>&nbsp;</P><P><SPAN>Manually forcing the firewall to download the list then it works ok.</SPAN></P><P>&nbsp;</P><P>Service route for External Dynamic Lists&nbsp;and&nbsp;Palo Alto Networks Services&nbsp;service routes&nbsp;are not set, then use MGT interface to fetch the EDLs.</P><P>&nbsp;</P><P>When device becomes active then EDL refresh job completes without issues.</P><P>&nbsp;</P><P>+ Question: Do you know whehter it´s expected behavior the passive device not fetching EDLs?</P><P>&nbsp;</P><P>Thank you!</P> Thu, 10 Dec 2020 22:37:52 GMT https://live.paloaltonetworks.com/t5/general-topics/are-edls-updating-from-passive-device/m-p/373673#M88947 Carracido 2020-12-10T22:37:52Z https://live.paloaltonetworks.com/t5/general-topics/are-edls-updating-from-passive-device/m-p/373754#M88958 <P><a href="https://live.paloaltonetworks.com/t5/user/viewprofilepage/user-id/24977">@Carracido</a>,</P> <P>They should be as long as you aren't using a service route, which you aren't. You should still be seeing EDL Fetch job done and Refresh job success messages in your system log for your EDLs even when the device is in Passive state.&nbsp;</P> Fri, 11 Dec 2020 04:00:48 GMT https://live.paloaltonetworks.com/t5/general-topics/are-edls-updating-from-passive-device/m-p/373754#M88958 BPry 2020-12-11T04:00:48Z https://live.paloaltonetworks.com/t5/general-topics/are-edls-updating-from-passive-device/m-p/374011#M88995 <P>Are you seeing the "Unable to fetch external dynamic list. Couldn't connect to server. Using old copy for refresh." only on the passive device, and does the MGMT IP of the passive device have connectivity to your Minemeld URL?</P><P>As you're stating that manually forcing an update I'm assuming that it does, however I might be interpreting your scenario sketch wrongly. &nbsp;</P><P>&nbsp;</P><P>What we've seen with some of our customers is that the error "Unable to fetch external dynamic list. Couldn't connect to server. Using old copy for refresh." at times is shown on the active device when there are no new or removed IP addresses on the EDL instead of a "Succesfully connected, no changes to the list were detected, using old copy" message.</P><P>With a manual refresh you force out the old EDL information and it would be expected to see that it updated successfully.</P><P>&nbsp;</P><P>Could be a simple issue of wrong error code shown but still might be worth making a case with TAC to confirm this is the case.</P> Sat, 12 Dec 2020 14:13:05 GMT https://live.paloaltonetworks.com/t5/general-topics/are-edls-updating-from-passive-device/m-p/374011#M88995 Retired Member 2020-12-12T14:13:05Z