EDL file problem

L7 Applicator

Re: EDL file problem

Hi @paul_w,

the firewall is downloading 1210 bytes but the file does not contain any valid indicator.

Is the feed the O365 Skype IPv4 addresses ? That should be around 8K (306 indicators).

Could the firewall be hitting an error response page somewhere ?

Is authentication enabled on MineMeld ?

L2 Linker

Re: EDL file problem

Hello @lmori

 

Yes the feed the O365 Skype IPv4 addresses.

 

The only thing between the EDL and MineMeld server is the PA-5020 that is the peer for the VPN.

 

No authentication for output feeds is disabled

 

I have copy/pasted the output from the MineMeld feed to a text file and put it on a web server in another part of the network, created another EDL on the same firewall and the EDL wont populate from the web server either.

 

Could the problem be related in someway to the format of the data ?

 

For info - I have got an EBL and an EDL accessing the same MineMeld feed locally with no problems but they are running PANOS 6.1.10 and 7.1.6

 

Thanks.

L7 Applicator

Re: EDL file problem

Could it be that the session is triggering a URL policy deny or a captive portal on the firewall on the otehr side of the VPN ?

The EDL downloader on PAN-OS then would be downloading some data (the URL access deny page or the captive portal) and that would explain the error.

L2 Linker

Re: EDL file problem

Hello @lmori -

 

I am currently waiting for someone to test connectivity to the EDL feed from the other side of the VPN.

 

Looking at my problem from a different angle, do you know whether there are any external feeds available that I can try to use until I resolve my problem please ?

 

Thank you. 

L7 Applicator

Re: EDL file problem

You can check https://panwdbl.appspot.com - my old web application. Is way less powerful than MineMeld and contains a small subset of the feeds, but it could be enough for testing the EDLs.

L2 Linker

Re: EDL file problem

Hello @lmori -

 

I have had confirmation that a device on the same network as the firewall management interface can access the feed via a browser and can see the IP list without any block pages being displayed.

 

Are there any test commands that can be run from the firewall, is it possible to see the contents of the file that is being downloaded ?

 

Thanks.

L2 Linker

Re: EDL file problem

Hello @lmori

 

I have been able to populate the EDL object from other web servers so I believe I must have encountered the bug you referred to in your first reply...even though I was unable to find any error messages in the log file.

 

Thank you for your assistance.

 

Kind Regards, paul_w

 

 

L2 Linker

Re: EDL file problem

Hi All,

I am facing a strange EDL issue on my firewalls. I have various models of PAN and they all are on 8.0.7+ versions.

 

What happens?

- EDL works fine without any issues, suddenly EDL stops working. Access to all IP addresses inside that specific EDL breaks.

- I checked the EDL list on CLI with following command, and I see all entries listed under the EDL:

requesst system external-list show type ip name XXXXX

 

Workaround - I manually refresh the EDL. And once successfully completed, everything starts working.

 

Suspected issue -

PAN-100244 - Seen on PAN-OS 8.1.4, and fixed on PAN-OS 8.1.5.

 

I am noticing this issue on PAN-OS 8.0.7 as well, is this something related to OS issue? Is there any permanent fix for this issue? Please advise.

 

Thanks in advance.

 

Regards,

Raghav

L7 Applicator

Re: EDL file problem

Hi @RbadigerCY,

this seems something related to PAN-OS. Do you have a ticket for this?

 

Luigi

L2 Linker

Re: EDL file problem

Yes, this is a bug related to PAn-OS 8.1.4, which is okay for me. However I have other PAN devices whihc are running on other OS, they are also having same issues.

 

Regards,

Raghav

Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!

The Live Community thanks you for your participation!