i have a problem in our Palo alto 5050, it shows a lot of URL websites with Category "unknown", although it shows the right category type on bright cloud website,
any help ??,
Solved! Go to Solution.
By default, any newly registered domain will be "unknown" in PAN-DB until Palo Alto Networks reviews, either manually by the analysis/threat team, or through the crawler (triggered on some event). Once an "unknown" is seen on the Palo Alto Networks servers, it will be put into a prioritized queue for crawling and classification. Once Palo Alto Networks determines a category, it will be included in the next database refresh.
Enable global setting to force dynamic-url lookup:
# set deviceconfig setting url dynamic-url yes
You may clear the cache with CLI command:
> clear url-cache all
Few related discussions/doc for your reference:
Hope this helps.
thanks so much for your reply,
but our problem is like below :
when you test the url on cli using test url ......
it shows the category,
but on the url filtering logs it shows like that
so any help ???
Could you please follow the DOC and clear cache from both data-plane and management-plane: How to Handle a URL Miscategorization
The device will automatically refresh it's cache table with updated information from the cloud. There is a process that executes the attempts to see if any cached entry in the DP URL cache has been updated with new on-device database.
Can be manually cleared using the following CLI command from Managaement-Plane:
> deletedynamic-url <argument>
Can manually set dynamic URL cache timeout value through the following CLI command:
> debug device-server reset url dynamic-url-timeout <1-43200>
Can be manually cleared using the following CLI command from Data-Plane:
> clear url-cache
AhmedSheta you can change the default cache time to a shorter interval. By default this is set to a week. I like to reduce this to one day. This prevents the issues you have here with newly categorized sites not being properly recognized.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!
The Live Community thanks you for your participation!