URL Filtering Category is "Unknown"

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements
Please sign in to see details of an important advisory in our Customer Advisories area.

URL Filtering Category is "Unknown"

L1 Bithead

guys,

i have a problem in our Palo alto 5050, it shows a lot of URL websites with Category "unknown", although it shows the right category type on bright cloud website,

any help ??,

Regards,

1 accepted solution

Accepted Solutions

AhmedSheta you can change the default cache time to a shorter interval.  By default this is set to a week.  I like to reduce this to one day.  This prevents the issues you have here with newly categorized sites not being properly recognized.

Updates in url filtering may be delayed by days in application to sessions

Steve Puluka BSEET - IP Architect - DQE Communications (Metro Ethernet/ISP)
ACE PanOS 6; ACE PanOS 7; ASE 3.0; PSE 7.0 Foundations & Associate in Platform; Cyber Security; Data Center

View solution in original post

7 REPLIES 7

L7 Applicator

Hello AhmedSheta,

By default, any newly registered domain will be "unknown" in PAN-DB until Palo Alto Networks reviews, either manually by the analysis/threat team, or through the crawler (triggered on some event). Once an "unknown" is seen on the Palo Alto Networks servers, it will be put into a prioritized queue for crawling and classification. Once Palo Alto Networks determines a category, it will be included in the next database refresh.


Enable global setting to force dynamic-url lookup:

# set deviceconfig setting url dynamic-url yes

# commit

You may clear the cache with CLI command:

> clear url-cache all

Few related discussions/doc for your reference:

resolving

Many 'Unknown' Entries In URL Log

User Web Traffic Categorized as Unknown

Hope this helps.

Thanks

thanks so much for your reply,

but our problem is like below :

when you test the url on cli using test url ......

it shows the category,

cli.jpg

but on the url filtering logs it shows like that

guui.jpg

so any help ???

Could you please follow the DOC and clear cache from both data-plane and management-plane: How to Handle a URL Miscategorization

Thanks

Any progress on this...?

Thanks

it works, but should i do this everytime manually when i see unknown traffic, why the palo alto is not directly adjust it,

Regards,

Hello AhmedSheta,

The device will automatically refresh it's cache table with updated information from the cloud. There is a process that executes the attempts to see if any cached entry in the DP URL cache has been updated with new on-device database.

Can be manually cleared using the following CLI command from Managaement-Plane:

> deletedynamic-url <argument>

Can manually set dynamic URL cache timeout value through the following CLI command:

> debug device-server reset url dynamic-url-timeout <1-43200>

Can be manually cleared using the following CLI command from Data-Plane:

> clear url-cache

Thanks

AhmedSheta you can change the default cache time to a shorter interval.  By default this is set to a week.  I like to reduce this to one day.  This prevents the issues you have here with newly categorized sites not being properly recognized.

Updates in url filtering may be delayed by days in application to sessions

Steve Puluka BSEET - IP Architect - DQE Communications (Metro Ethernet/ISP)
ACE PanOS 6; ACE PanOS 7; ASE 3.0; PSE 7.0 Foundations & Associate in Platform; Cyber Security; Data Center
  • 1 accepted solution
  • 5068 Views
  • 7 replies
  • 1 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!