This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences

brightcloud active option unavailable

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements

brightcloud active option unavailable

Gururaj
L4 Transporter

‎10-12-2015 12:32 AM

Hi,

     We couldn't activate brightcloud url filtering with our old database.

I have attached the screenshot for you reference, kindly look into it and help.

 

 

 

with regards,

Ram

 

PA_URL_license.png

0 Likes Likes
3 REPLIES 3

reaper
Cyber Elite
Cyber Elite

‎10-12-2015 02:52 AM

Hi Ram

 

It looks like the device is having trouble downloading the DB on both URL filtering, you may need to troubleshoot connectivity from your management interface towards the internet first before you'll be able to switch databases.

 

You'll want to verify if DNS is being resolved

> ping host service.brightcloud.com
> ping host updates.paloaltonetworks.com

Don't worry if you don't get ping replies, these services don't respond to ping, but it's an easy way to check if your firewall is able to resolve DNS for these hosts. If the IP is not resolcved, please verify your DNS settings.

 

Next you can try a manual download

> request url-filtering upgrade brightcloud
> request url-filtering download status vendor brightcloud

If this is still failing you may need to verify your traffic logs to see if the download is being blocked by a security policy

 

Once the DB is downloaded you should be able to active the url filtering

 

 

 

 

hope this helps

Tom

Tom Piens
PANgurus - Strata specialist; config reviews, policy optimization
0 Likes Likes

Gururaj
L4 Transporter
In response to reaper

‎10-12-2015 03:16 AM

Hi Tom,

            Thanks for the reply.

I did a packet caputre on the firewall I found that CA of next hop is not trusted by palo alto.

In my scenario palo alto is behind the proxy server, during the connection palo alto doesnt trust the proxy.

 

pcap.PNG

 

And in the certificate trust list, import option is unavaiable.

 

 

 

trustlist.PNG

 

kindly give some suggestions.

 

 

with regards,

Ram.

0 Likes Likes

reaper
Cyber Elite
Cyber Elite
In response to Gururaj

‎10-12-2015 04:41 AM

Hi Ram

 

you could try setting a service route for updates or bypassing the proxy entirely for management plane connections, the proxy may not be forwarding the crl/ocsp properly

 

2015-10-12_13-39-33.png

 

Tom Piens
PANgurus - Strata specialist; config reviews, policy optimization
0 Likes Likes
  • 2534 Views
  • 3 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!

LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2024 - Palo Alto Networks