Enhanced Security Measures in Place: To ensure a safer experience, we’ve implemented additional, temporary security measures for all users.
03-19-2013 08:27 AM
Came in today with users screaming that they were getting blocked on all websites. Finally extracted enough information from them that the category was coming up as “unknown” for all sites…even Google. Decided it had to be an issue in the URL filtering…updated to latest Brightcloud…no change.
Thought URL cache or dynamic URL cache might be the issue. SSH-ed into the firewall and issued a clear url-cache all. That fixed it. Seems that the URL cache was corrupted. BTW…I am running 5.0.3 on my PA.
Just thought I would pass that bit of information around in case you encounter that issue, too.
Has anyone else seen this before?
03-22-2013 02:11 PM
Hi everyone,
The issue stems from a fix we made with content release 363, which was released to address a larger issue regarding how URL categories are saved in PAN-OS. At the moment, it appears that the bug is limited to the 5.0 codebase.
For those of you who encounter the issue, please follow the steps recommended to re-initiate your device server:
1. Make sure the latest content is installed ( > release 363)
2. clear url-cache all
3. delete dynamic-url host all
4. debug software restart device-server
5. configure
6. set deviceconfig setting url dynamic-url yes
7. commit
The above steps will help ensure that the list of URL categories are properly initialized in the device server and will prevent further crashes during URL lookups.
I'd like to thank everyone for their help and patience in resolving this issue.
Thanks,
Doris
03-19-2013 11:59 AM
Grrrr!!! - I wondered why our decryption was not working (it's based on URL category)! Same issue here - 5.0.3 on 4060 - cleared cache and that resolved. Did you open a case? Interestingly (not sure if coincidence or not) our 4060's dataplane restarted this morning, within 30 seconds of the updated BrightCloud DB being installed (url-filtering-version: 4058). I am seeing lots of "unknown" category being logged across our other platforms as well.
03-19-2013 12:08 PM
I am running a PA-500. Yes, I did open a case. Support had to clear the cache again, but all seems to be fine right now. I am going to try a manual Brightcloud update after-hours and see how it goes.
03-19-2013 12:16 PM
Thanks - I just opened a case as well - we have around 70 firewalls, and most, if not all look to have this issue. Kinda hard to manually clear cache very quickly on 70 firewalls. I sure hope they know what's going on and how to stop it!!!
03-19-2013 12:25 PM
Hi all,
Is the problem limited to 5.0.3 or it affects all releases ?
Regards,
HA
03-19-2013 03:31 PM
Support told me it affects all releases using BrightCloud (that's gotta be a lot of their customers!).
03-19-2013 03:51 PM
I'm running 5.0.3 URL Filtering version BrightCloud 4057
Running "clear URL-cache all" didn't resolve the issue.
Support had me run the following commands to re-establish a connection with BrightCloud:
admin@PAN(active)> set system setting url-filtering-feature filter true
admin@PAN(active)> set system setting url-filtering-feature cache true
debug software restart device-server
03-19-2013 06:51 PM
Hi everyone,
For those of you who haven't already, please open a case with Support so that we can properly troubleshoot this. While I understand that the combination of restarting the device server and clearing the URL cache is able to resolve the issue for some, we'd like to fully understand the root cause behind this. If you're able to spare it, please do not run the recommended commands so that we can troubleshoot your device.
Thanks in advance for your patience and understanding,
Doris
03-20-2013 06:49 AM
I have a PA4020 running 5.0.3 and I have a PA5020 running 4.1.8.
The 4020 running 5.0.3 is affected by the "unknown" issue.
The 5020 running 4.1.8 seems to be unaffected... categories seem to be working fine.
03-20-2013 06:52 AM
we had that issue with 5.0.2 at 2 seperate sites.
03-20-2013 06:59 AM
I'm assuming you work for PA... do you guys have appliances running 5.0 that you can try to recreate this issue with?
I have a PA4020 running PANOS 5.0.3 with URL Filtering update 4058 that exhibits this issue (only custom URL categories show up with the correct category).
I also have a PA5020 running PANOS 4.1.8 with URL Filtering update 4058 that does not exhibit this issue.
03-20-2013 06:59 AM
Applied a Brighcloud and Antivirus update early this morning with no issues. I hope PaloAlto will let us know the root cause analysis outcome. Thanks all for your information posting here and opening support cases. I tend to dig here first.
03-20-2013 09:55 AM
I am having the same issue and have a case open
03-20-2013 01:34 PM
Yes, we are actively troubleshooting this and I'll update this thread once we have some more details to share.
Thanks again for everyone's patience.
--Doris
03-20-2013 01:57 PM
I just updated to URL Filtering content release 4059, and did a 'debug software restart device-server' followed by a 'clear url-cache all' and the issue seems to be resolved.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
