Are EDLs updating from passive device?

L3 Networker

Dear community,

We've configured a couple of external dynamic lists (IP and URL) on a local MineMeld server and the passive device fails to fetch those lists.

Error obtained is: "Unable to fetch external dynamic list. Couldn't connect to server. Using old copy for refresh."

When manually forcing the firewall to download the list, it works OK.

Service routes for External Dynamic Lists and Palo Alto Networks Services are not set, so the MGT interface is used to fetch the EDLs.

When the device becomes active, the EDL refresh job completes without issues.

+ Question: Do you know whether it's expected behavior for the passive device not to fetch EDLs?

Thank you!

Cyber Elite

@Carracido,

They should be as long as you aren't using a service route, which you aren't. You should still be seeing EDL Fetch job done and Refresh job success messages in your system log for your EDLs even when the device is in Passive state. 

L2 Linker

Are you seeing the "Unable to fetch external dynamic list. Couldn't connect to server. Using old copy for refresh." only on the passive device, and does the MGMT IP of the passive device have connectivity to your Minemeld URL?

As you're stating that manually forcing an update works, I'm assuming that it does; however, I might be interpreting your scenario sketch wrongly.

What we've seen with some of our customers is that the error "Unable to fetch external dynamic list. Couldn't connect to server. Using old copy for refresh." at times is shown on the active device when there are no new or removed IP addresses on the EDL instead of a "Succesfully connected, no changes to the list were detected, using old copy" message.

With a manual refresh you force out the old EDL information and it would be expected to see that it updated successfully.

Could be a simple issue of wrong error code shown but still might be worth making a case with TAC to confirm this is the case.

-- In case of emergency unplug cables--