All sites registering as "unknown"

cancel
Showing results for 
Search instead for 
Did you mean: 

All sites registering as "unknown"

L1 Bithead

Came in today with users screaming that they were getting blocked on all websites.  Finally extracted enough information from them that the category was coming up as “unknown” for all sites…even Google.  Decided it had to be an issue in the URL filtering…updated to latest Brightcloud…no change.

Thought URL cache or dynamic URL cache might be the issue.  SSH-ed into the firewall and issued a clear url-cache all.  That fixed it.  Seems that the URL cache was corrupted.  BTW…I am running 5.0.3 on my PA.

Just thought I would pass that bit of information around in case you encounter that issue, too.

Has anyone else seen this before?

1 ACCEPTED SOLUTION

Accepted Solutions

Hi everyone,

The issue stems from a fix we made with content release 363, which was released to address a larger issue regarding how URL categories are saved in PAN-OS.  At the moment, it appears that the bug is limited to the 5.0 codebase.

For those of you who encounter the issue, please follow the steps recommended to re-initiate your device server:

1.  Make sure the latest content is installed ( > release 363)

2.  clear url-cache all

3.  delete dynamic-url host all

4.  debug software restart device-server

5.  configure

6.  set deviceconfig setting url dynamic-url yes

7.  commit

The above steps will help ensure that the list of URL categories are properly initialized in the device server and will prevent further crashes during URL lookups. 

I'd like to thank everyone for their help and patience in resolving this issue.

Thanks,

Doris

View solution in original post

34 REPLIES 34

L2 Linker

Grrrr!!! - I wondered why our decryption was not working (it's based on URL category)!  Same issue here - 5.0.3 on 4060 - cleared cache and that resolved.  Did you open a case?  Interestingly (not sure if coincidence or not) our 4060's dataplane restarted this morning, within 30 seconds of the updated BrightCloud DB being installed (url-filtering-version: 4058).  I am seeing lots of "unknown" category being logged across our other platforms as well.

L1 Bithead

I am running a PA-500.  Yes, I did open a case.  Support had to clear the cache again, but all seems to be fine right now.  I am going to try a manual Brightcloud update after-hours and see how it goes.

Thanks - I just opened a case as well - we have around 70 firewalls, and most, if not all look to have this issue.  Kinda hard to manually clear cache very quickly on 70 firewalls.  I sure hope they know what's going on and how to stop it!!!

L4 Transporter

Hi all,

Is the problem limited to 5.0.3 or it affects all releases ?

Regards,

HA

Support told me it affects all releases using BrightCloud (that's gotta be a lot of their customers!).

I'm running 5.0.3 URL Filtering version BrightCloud 4057

Running "clear URL-cache all" didn't resolve the issue.

Support had me run the following commands to re-establish a connection with BrightCloud:


admin@PAN(active)> set system setting url-filtering-feature filter true

admin@PAN(active)> set system setting url-filtering-feature cache true

debug software restart device-server

After waiting 15 mins. for the server to restart, ran "clear URL-cache all" again and that seemed to fix the issue. 

L5 Sessionator

Hi everyone,

For those of you who haven't already, please open a case with Support so that we can properly troubleshoot this.  While I understand that the combination of restarting the device server and clearing the URL cache is able to resolve the issue for some, we'd like to fully understand the root cause behind this.  If you're able to spare it, please do not run the recommended commands so that we can troubleshoot your device.

Thanks in advance for your patience and understanding,

Doris

I have a PA4020 running 5.0.3 and I have a PA5020 running 4.1.8.

The 4020 running 5.0.3 is affected by the "unknown" issue.

The 5020 running 4.1.8 seems to be unaffected... categories seem to be working fine.

we had that issue with 5.0.2 at 2 seperate sites.

Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!