Enhanced Security Measures in Place: To ensure a safer experience, we’ve implemented additional, temporary security measures for all users.
03-19-2013 08:27 AM
Came in today with users screaming that they were getting blocked on all websites. Finally extracted enough information from them that the category was coming up as “unknown” for all sites…even Google. Decided it had to be an issue in the URL filtering…updated to latest Brightcloud…no change.
Thought URL cache or dynamic URL cache might be the issue. SSH-ed into the firewall and issued a clear url-cache all. That fixed it. Seems that the URL cache was corrupted. BTW…I am running 5.0.3 on my PA.
Just thought I would pass that bit of information around in case you encounter that issue, too.
Has anyone else seen this before?
03-20-2013 06:09 PM
Hi everyone,
Just a minor update - we're still investigating the root cause of the issue and why it seems to have only affected PAN-OS 5.0.x and not PAN-OS 4.1.x customers (if you're using PAN-OS 4.1 and see this issue, please let us know). In the meantime, it appears that the key to restoring functionality is to restart the device server - you should not need to clear your entire cache.
More updates as they come.
Thanks,
Doris
03-21-2013 07:46 AM
one of our PAN is using 4.1.9 ....only affected on 1 single domain detected as unknown 
03-21-2013 10:45 AM
We are seeing this as well at 5.0.3, clearing the URL cache hasn't fixed anything so we are opening a ticket. We are on Brightcloud 4059, so we are up to date on that.
03-21-2013 11:39 AM
Hi bmellem,
As mentioned before, please restart your device server in order to resolve this issue.
Thanks,
Doris
03-22-2013 12:00 PM
This happened to us today, running 5.0.2. Resetting the cache fixed it. I would like to know the cause when found..
03-22-2013 12:28 PM
below are commands support gave me when I called in with the same issue running 5.0.3.
clear url-cache all
delete dynamic-url host all
debug software restart device-server
configure
set deviceconfig setting url dynamic-url yes
commit
03-22-2013 02:11 PM
Hi everyone,
The issue stems from a fix we made with content release 363, which was released to address a larger issue regarding how URL categories are saved in PAN-OS. At the moment, it appears that the bug is limited to the 5.0 codebase.
For those of you who encounter the issue, please follow the steps recommended to re-initiate your device server:
1. Make sure the latest content is installed ( > release 363)
2. clear url-cache all
3. delete dynamic-url host all
4. debug software restart device-server
5. configure
6. set deviceconfig setting url dynamic-url yes
7. commit
The above steps will help ensure that the list of URL categories are properly initialized in the device server and will prevent further crashes during URL lookups.
I'd like to thank everyone for their help and patience in resolving this issue.
Thanks,
Doris
03-23-2013 01:08 PM
Doris,
Some kind of an "this is what we're doing to ensure this doesn't happen again" explanation would be much appreciated... otherwise, what are we as customers expected to do? Only do content updates once a week?
03-25-2013 07:20 AM
This is still an issue with us. I verified and entered all commands given by Doris previously. Now not all sites are showing 'unknown'. but sites that I can verify are categorized correctly in Brightcloud are still showing as unknown. We are running 5.0.2 and are on 364 of the content release.
03-25-2013 08:23 AM
In addition to the aforementioned problem, we are also seeing a high number of 'not-resolved' sites. Please respond..
03-25-2013 02:18 PM
cloughr: Just for the record, make sure you contact the support directly at support@paloaltonetworks.com (or whoever you have a supportcontract with) or by phone since this is just a community forum.
But also please return with whatever the support said or helped you with in case there are new findings in this case.
03-25-2013 02:55 PM
If you're getting category "not-resolved", that usually indicates an issue communicating with the server itself. As mikand mentioned, please contact Palo Alto Networks Support directly to better troubleshoot and resolve your issue.
03-26-2013 05:20 AM
I contacted support at the time of posting my original message. The rep spent an hour looking at logs, re-running the commands recommended here, and left me with, "I will research and get back to you". I received one email since, asking for the version of the content release, even though we covered that during the hour session (it's up to date). Bottom line- I have two problems that are not resolved, #1- sites show as 'unknown' even though brightcloud correctly categorizes them; #2- sites show as 'not-resolved' even though brightcloud correctly categorizes them. Prior to last week, this wasn't a problem. I have had to make my environment less secure by allowing these categories. If possible, I would like to escalate case #00126530. I do not have time to waste on someone poking around our firewall making guesses..
03-26-2013 06:12 AM
Try to disable url cache completely
And then restart device server again
03-26-2013 01:40 PM
Was called by a senior engineer this afternoon. The issue will be resolved on 5.0.4 due out the 2nd week of April. No details on actual cause, but at least a date on the new PanOS release. Since my initial issue, it has not repeated on my PA-500.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
