MineMeld URL Access Error

L2 Linker

MineMeld URL Access Error

I have set up MineMeld on a VM and it seems to be working correctly, but when I set up the EDBL on a PAN firewall and test it, I get a "URL access error" message on the firewall. I can access the feed if I put the URL into a browser and can see the list of addresses.

I get the same error whether using the IP or FQDN as the Source. I've even gone as far as configuring MineMeld with our 3rd-party wildcard certificate in case the self-signed certificate was causing the issue, but this hasn't helped.

Any advice would be appreciated.

L2 Linker

Re: MineMeld URL Access Error

Looks like the issue was caused by our Palo Alto Updates service route set to the external interface and the MineMeld URL being internally accessible only. Changed the service route to default and then the EDBLSource was accessible.

https://live.paloaltonetworks.com/t5/Management-Articles/Dynamic-Block-Lists-DBL-not-working-Service...

L7 Applicator

Re: MineMeld URL Access Error

Hi @Ash2k,

I think a possible alternative is using a specific Destination route for the MineMeld IP.

L2 Linker

Re: MineMeld URL Access Error

Hi Imori,

I did try this at first but got an error when accessing the URL. Have just tested it again with entries for both the IP and FQDN but can only access the URL when the "Palo Alto Updates" service route is set to the internal.

Would have been nice to set a specific destination route and still have Palo Alto Updates going out via the external interface.

Ash

L7 Applicator

Re: MineMeld URL Access Error

Yes, I will talk to PMs about this.

L0 Member

Re: MineMeld URL Access Error

When I changed the service route to default instead of the external interface, the internal IP EDBLSource was accessible, but external resolving services like "dynamic update" didn't work. How to fix that?

L7 Applicator

Re: MineMeld URL Access Error

Hi @Mohamed-Hakim,

Please could you share more details about your network layout and configuration?

Thanks,

luigi

Flo
L1 Bithead

Re: MineMeld URL Access Error

Thank you, the other way would be to deploy MineMeld in the DMZ so it is reachable from Untrust, but I'd rather not do so.

Is there any reason [security?] why our Palo Alto consultant configured the "Palo Alto Update Service" to use a specific external interface rather than "default"?

Security at the expense of usability comes at the expense of security.
L1 Bithead

Re: MineMeld URL Access Error

Having an issue with EDL miner output. I am able to see the IPs associated for the output miner when I click on the URL in MineMeld. However, if I copy and paste that URL I receive an unauthorized error message, and when I click test URL on the firewall I get a URL error message. Any suggestions on correcting this issue?

Thanks

L7 Applicator

Re: MineMeld URL Access Error

Hi @rohill,

The "problem" is that MineMeld on Autofocus by default authenticates accesses to the feeds. You should define credentials to access that feed and associate a tag to it.

More details here: https://live.paloaltonetworks.com/t5/MineMeld-Articles/Connecting-PAN-OS-to-MineMeld-using-External-...

Luigi
