What Happens if the Server Configured for blocking External Dynamic List Becomes Unreachable?
17087
Created On 09/26/18 13:55 PM - Last Modified 05/27/21 03:14 AM
Symptom
The EBLRefresh job which occurs at the frequency specified in the configuration will show the following warning if connectivity to the server is lost: "EBL(vsys1/test) Unable to fetch external list. Using old copy for refresh.
Environment
- Palo Alto Firewall.
- Any PAN-OS.
- External Dynamic List (EDL)
Resolution
The Palo Alto Networks device will retain the last successfully retrieved list and continue operating with the current information until the connection is restored with the server where the block list resides.
For example:
- Run show jobs all to see all the jobs, and look for the EBLRefresh job.
> show jobs all
Enqueued ID Type Status Result Completed
---------------------------------------------------------------------
2013/03/25 19:45:10 342 Exec FIN OK 19:45:16
2013/03/25 19:45:48 343 EBLRefresh FIN OK 19:48:19
- If the job id for EBLRefresh is determined, then run show jobs id <id number>
> show jobs id 343
Enqueued ID Type Status Result Completed
---------------------------------------------------------------------
2013/03/25 19:45:48 343 EBLRefresh FIN OK 19:48:19
Warnings: Details:EBL(vsys1/test) Unable to fetch external list. Using old copy for refresh.
Note: The term EDL (External Dynamic List) was formally called EBL (External Block List). Essentially they are the same.
Additional Information
The last successfully refreshed copy is also retained in the following scenarios:
- Management Plane Restart.
- Data Plane Restart.
- Device Reboot.
- Software Upgrade/Downgrade
For more details on EDL Refer to External Dynamic List documentation.