All sites registering as "unknown"


L1 Bithead

Came in today with users screaming that they were getting blocked on all websites.  Finally extracted enough information from them that the category was coming up as “unknown” for all sites…even Google.  Decided it had to be an issue in the URL filtering…updated to latest Brightcloud…no change.

Thought URL cache or dynamic URL cache might be the issue.  SSH-ed into the firewall and issued a clear url-cache all.  That fixed it.  Seems that the URL cache was corrupted.  BTW…I am running 5.0.3 on my PA.

Just thought I would pass that bit of information around in case you encounter that issue, too.

Has anyone else seen this before?

Not Inigo Montoya...you are safe, with or without 6 fingers.

Accepted Solutions

Hi everyone,

The issue stems from a fix we made with content release 363, which was released to address a larger issue regarding how URL categories are saved in PAN-OS.  At the moment, it appears that the bug is limited to the 5.0 codebase.

For those of you who encounter the issue, please follow the steps recommended to re-initiate your device server:

1. Make sure the latest content is installed (> release 363)
2. clear url-cache all
3. delete dynamic-url host all
4. debug software restart device-server
5. configure
6. set deviceconfig setting url dynamic-url yes
7. commit

The above steps will help ensure that the list of URL categories is properly initialized in the device server and will prevent further crashes during URL lookups.

I'd like to thank everyone for their help and patience in resolving this issue.

Thanks,

Doris


34 REPLIES

L2 Linker

Grrrr!!! - I wondered why our decryption was not working (it's based on URL category)!  Same issue here - 5.0.3 on 4060 - cleared cache and that resolved.  Did you open a case?  Interestingly (not sure if coincidence or not) our 4060's dataplane restarted this morning, within 30 seconds of the updated BrightCloud DB being installed (url-filtering-version: 4058).  I am seeing lots of "unknown" category being logged across our other platforms as well.

L1 Bithead

I am running a PA-500.  Yes, I did open a case.  Support had to clear the cache again, but all seems to be fine right now.  I am going to try a manual Brightcloud update after-hours and see how it goes.

Not Inigo Montoya...you are safe, with or without 6 fingers.

Thanks - I just opened a case as well - we have around 70 firewalls, and most, if not all look to have this issue.  Kinda hard to manually clear cache very quickly on 70 firewalls.  I sure hope they know what's going on and how to stop it!!!
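Added example, not part of the original thread and not vendor code: a fleet-wide check that flags firewalls whose URL filtering log shows almost every vendor-categorised lookup as "unknown", while ignoring custom categories (which the thread reports still resolve correctly on affected devices). The CSV layout, device names, category names and thresholds are constructed assumptions, not a real PAN-OS log format.

```python
import csv
from collections import Counter
from io import StringIO

# Constructed sample records (device,url,category); not real firewall output.
SAMPLE_LOG = """\
fw-hq,www.google.com,unknown
fw-hq,www.example.org,unknown
fw-hq,intranet.corp.example,corp-internal
fw-hq,news.example.com,unknown
fw-hq,mail.example.net,unknown
fw-hq,cdn.example.io,unknown
fw-branch,www.google.com,search-engines
fw-branch,news.example.com,news-and-media
fw-branch,new-site.example,unknown
fw-branch,mail.example.net,web-based-email
fw-branch,intranet.corp.example,corp-internal
fw-branch,cdn.example.io,content-delivery-networks
fw-lab,www.google.com,unknown
"""

# Hypothetical locally defined category; custom categories are excluded
# because they keep resolving even when the vendor database lookups fail.
CUSTOM_CATEGORIES = {"corp-internal"}


def unknown_ratio(log_text, custom=CUSTOM_CATEGORIES):
    """Return {device: (unknown_count, vendor_lookup_count)}."""
    unknown, total = Counter(), Counter()
    for row in csv.reader(StringIO(log_text)):
        if len(row) != 3:
            continue  # skip blank or malformed lines
        device, _url, category = (field.strip() for field in row)
        if category in custom:
            continue
        total[device] += 1
        if category.lower() == "unknown":
            unknown[device] += 1
    return {dev: (unknown[dev], total[dev]) for dev in total}


def affected_devices(log_text, threshold=0.9, min_events=5):
    """Devices with enough lookups where nearly all are 'unknown'."""
    return sorted(
        dev for dev, (unk, tot) in unknown_ratio(log_text).items()
        if tot >= min_events and unk / tot >= threshold
    )
```

The `min_events` floor keeps a quiet device with a single uncategorised lookup from being flagged; a healthy device will still show some share of genuinely uncategorised sites, so the threshold should sit well above that baseline.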

L4 Transporter

Hi all,

Is the problem limited to 5.0.3 or does it affect all releases?

Regards,

HA

Support told me it affects all releases using BrightCloud (that's gotta be a lot of their customers!).

I'm running 5.0.3 URL Filtering version BrightCloud 4057

Running "clear url-cache all" didn't resolve the issue.

Support had me run the following commands to re-establish a connection with BrightCloud:


admin@PAN(active)> set system setting url-filtering-feature filter true

admin@PAN(active)> set system setting url-filtering-feature cache true

debug software restart device-server

After waiting 15 mins. for the server to restart, ran "clear url-cache all" again and that seemed to fix the issue.

L5 Sessionator

Hi everyone,

For those of you who haven't already, please open a case with Support so that we can properly troubleshoot this.  While I understand that the combination of restarting the device server and clearing the URL cache is able to resolve the issue for some, we'd like to fully understand the root cause behind this.  If you're able to spare it, please do not run the recommended commands so that we can troubleshoot your device.

Thanks in advance for your patience and understanding,

Doris

I have a PA4020 running 5.0.3 and I have a PA5020 running 4.1.8.

The 4020 running 5.0.3 is affected by the "unknown" issue.

The 5020 running 4.1.8 seems to be unaffected... categories seem to be working fine.

We had that issue with 5.0.2 at 2 separate sites.

I'm assuming you work for PA... do you guys have appliances running 5.0 that you can try to recreate this issue with?

I have a PA4020 running PANOS 5.0.3 with URL Filtering update 4058 that exhibits this issue (only custom URL categories show up with the correct category).

I also have a PA5020 running PANOS 4.1.8 with URL Filtering update 4058 that does not exhibit this issue.

L1 Bithead

Applied a BrightCloud and Antivirus update early this morning with no issues.  I hope Palo Alto will let us know the root cause analysis outcome.  Thanks all for your information posting here and opening support cases.  I tend to dig here first.

Not Inigo Montoya...you are safe, with or without 6 fingers.

I am having the same issue and have a case open.

Yes, we are actively troubleshooting this and I'll update this thread once we have some more details to share.

Thanks again for everyone's patience.

--Doris

L4 Transporter

I just updated to URL Filtering content release 4059, and did a 'debug software restart device-server' followed by a 'clear url-cache all' and the issue seems to be resolved.
