5.0.3 PAN Firewalls and 5.0.3 Panorama

Reply
Highlighted
Not applicable

5.0.3 PAN Firewalls and 5.0.3 Panorama

I have an open case already but I would like to post this out to the community. We recently purchased a new Panorama device and new 3050 firewalls and noticed during the configuration of the URL Filtering section that while the new firewalls have the new listed categories such as "cheating" and "illegal", the Panorama server does not have them listed. Therefore, I cannot manage these two categories from Panorama; in addition, because I created the profile at the Panorama, I cannot manage them at the firewall either. Has anyone run across this before? if so, what is the solution? Thank you in Advance.


Accepted Solutions
Highlighted
L4 Transporter

Re: 5.0.3 PAN Firewalls and 5.0.3 Panorama

Panorama retrieves the URL or BrightCloud content with the Applications and Threats updates. Panorama only retrieves the URL categories, as it does not require the entire URL database. What Applications and Threats version is on Panorama? Are you on the latest version?


Ben

View solution in original post


All Replies
Highlighted
L4 Transporter

Re: 5.0.3 PAN Firewalls and 5.0.3 Panorama

It sounds like you are using 2 different URL databases. Most likely, the firewall is using Brightcloud and Panorama is using Surfcontrol, but one may be using paloaltonetworks (pandb). You can verify this by executing the command on both devices:

show system setting url-database

You will want to verify which URL DB you are licensed for from the Device tab > Licenses page, then set the correct db on both devices, if needed, with the following command:

set system setting url-database {brightclooud | pandb}

Ben

Highlighted
Not applicable

Re: 5.0.3 PAN Firewalls and 5.0.3 Panorama

I checked as you suggested and all systems (Panorama and firewalls) are running brightcloud. The Panorama does not show a listing for URL licensing but each firewall is licensed to use brightcloud.

Not applicable

Re: 5.0.3 PAN Firewalls and 5.0.3 Panorama

I also went ahead and force a "set" to use brightcloud at the panorama (where the problem is) but it came saying "Server error : URL database already set to 'brightcloud'"

Highlighted
L4 Transporter

Re: 5.0.3 PAN Firewalls and 5.0.3 Panorama

Panorama retrieves the URL or BrightCloud content with the Applications and Threats updates. Panorama only retrieves the URL categories, as it does not require the entire URL database. What Applications and Threats version is on Panorama? Are you on the latest version?


Ben

View solution in original post

Highlighted
Not applicable

Re: 5.0.3 PAN Firewalls and 5.0.3 Panorama

ok. It was discovered that from the Panorama tab, the dynamic updates was not configured; therefore, I set the schedule and forced an initial download and install to get things going which finally allowed me to see the missing categories at the Panorama level. Issue is now resolved. Thank you for your input!

Highlighted
L4 Transporter

Re: 5.0.3 PAN Firewalls and 5.0.3 Panorama

You're welcome. I'm glad to hear the issue was a fairly simple one that was easily resolved.

Ben

Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!

The Live Community thanks you for your participation!