For details on cookie usage on our site, read our Privacy Policy
dns-signature cloud service connection refused.
- LIVEcommunity
- Discussions
- General Topics
- Re: dns-signature cloud service connection refused.
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Printer Friendly Page
dns-signature cloud service connection refused.
- Mark as New
- Subscribe to RSS Feed
- Permalink
10-06-2020 05:22 AM
Greetings:
I am seeing in the System Log the following message "dns-signature cloud service connection refused" Checking the traffic logs the management IP address is not being blocked. Where do I look to resolve this error message? Thank you.
- Mark as New
- Subscribe to RSS Feed
- Permalink
10-06-2020 06:42 AM
This also happens if connection to cloud is refused.
Make sure Firewall management interface has connection to cloud
Try this command
show dns-proxy dns-signature info
Regards
- Mark as New
- Subscribe to RSS Feed
- Permalink
10-06-2020 09:39 AM
MP18:
Here is the results of the command. The firewall has Internet access but for some reason cannot connect to the cloud service?
show dns-proxy dns-signature info
Cloud URL: dns.service.paloaltonetworks.com:443
Last Result: Timeout was reached ( 11 sec ago )
Last Server Address:
Parameter Exchange: Interval 1800 sec
Whitelist Refresh: Interval 86400 sec ( Due 83823 sec )
Request Waiting Transmission: 0
Request Pending Response: 0
Cache Size: 8
ping host dns.service.paloaltonetworks.com
PING dns.service.paloaltonetworks.com (130.211.8.196) 56(84) bytes of data.
^C
--- dns.service.paloaltonetworks.com ping statistics ---
12 packets transmitted, 0 received, 100% packet loss, time 11013ms
ping host updates.paloaltonetworks.com
PING updates.gcp.gslb.paloaltonetworks.com (34.96.84.34) 56(84) bytes of data.
64 bytes from 34.84.96.34.bc.googleusercontent.com (34.96.84.34): icmp_seq=1 ttl=113 time=231 ms
64 bytes from 34.84.96.34.bc.googleusercontent.com (34.96.84.34): icmp_seq=3 ttl=113 time=229 ms
64 bytes from 34.84.96.34.bc.googleusercontent.com (34.96.84.34): icmp_seq=4 ttl=113 time=227 ms
64 bytes from 34.84.96.34.bc.googleusercontent.com (34.96.84.34): icmp_seq=5 ttl=113 time=228 ms
64 bytes from 34.84.96.34.bc.googleusercontent.com (34.96.84.34): icmp_seq=8 ttl=113 time=228 ms
64 bytes from 34.84.96.34.bc.googleusercontent.com (34.96.84.34): icmp_seq=9 ttl=113 time=231 ms
64 bytes from 34.84.96.34.bc.googleusercontent.com (34.96.84.34): icmp_seq=10 ttl=113 time=228 ms
- Mark as New
- Subscribe to RSS Feed
- Permalink
10-06-2020 11:28 AM
show dns-proxy dns-signature info
Cloud URL: dns.service.paloaltonetworks.com:443
Last Result: Timeout was reached ( 11 sec ago )
Last Server Address:
Parameter Exchange: Interval 1800 sec
Whitelist Refresh: Interval 86400 sec ( Due 83823 sec )
Request Waiting Transmission: 0
Request Pending Response: 0
Cache Size: 8
ping host dns.service.paloaltonetworks.com
PING dns.service.paloaltonetworks.com (130.211.8.196) 56(84) bytes of data.
^C
--- dns.service.paloaltonetworks.com ping statistics ---
12 packets transmitted, 0 received, 100% packet loss, time 11013ms
ping host updates.paloaltonetworks.com
PING updates.gcp.gslb.paloaltonetworks.com (34.96.84.34) 56(84) bytes of data.
64 bytes from 34.84.96.34.bc.googleusercontent.com (34.96.84.34): icmp_seq=1 ttl=113 time=231 ms
64 bytes from 34.84.96.34.bc.googleusercontent.com (34.96.84.34): icmp_seq=3 ttl=113 time=229 ms
64 bytes from 34.84.96.34.bc.googleusercontent.com (34.96.84.34): icmp_seq=4 ttl=113 time=227 ms
64 bytes from 34.84.96.34.bc.googleusercontent.com (34.96.84.34): icmp_seq=5 ttl=113 time=228 ms
64 bytes from 34.84.96.34.bc.googleusercontent.com (34.96.84.34): icmp_seq=8 ttl=113 time=228 ms
64 bytes from 34.84.96.34.bc.googleusercontent.com (34.96.84.34): icmp_seq=9 ttl=113 time=231 ms
64 bytes from 34.84.96.34.bc.googleusercontent.com (34.96.84.34): icmp_seq=10 ttl=113 time=228 ms
- Mark as New
- Subscribe to RSS Feed
- Permalink
10-06-2020 11:42 AM
MP:
Here is the output of the command. The firewall does have Internet access and can resolve DNS queries.
show dns-proxy dns-signature info
Cloud URL: dns.service.paloaltonetworks.com:443
Last Result: Timeout was reached ( 11 sec ago )
Last Server Address:
Parameter Exchange: Interval 1800 sec
Whitelist Refresh: Interval 86400 sec ( Due 83823 sec )
Request Waiting Transmission: 0
Request Pending Response: 0
Cache Size: 8
ping host dns.service.paloaltonetworks.com
PING dns.service.paloaltonetworks.com (130.211.8.196) 56(84) bytes of data.
^C
--- dns.service.paloaltonetworks.com ping statistics ---
12 packets transmitted, 0 received, 100% packet loss, time 11013ms
ping host updates.paloaltonetworks.com
PING updates.gcp.gslb.paloaltonetworks.com (34.96.84.34) 56(84) bytes of data.
64 bytes from 34.84.96.34.bc.googleusercontent.com (34.96.84.34): icmp_seq=1 ttl=113 time=231 ms
64 bytes from 34.84.96.34.bc.googleusercontent.com (34.96.84.34): icmp_seq=3 ttl=113 time=229 ms
64 bytes from 34.84.96.34.bc.googleusercontent.com (34.96.84.34): icmp_seq=4 ttl=113 time=227 ms
64 bytes from 34.84.96.34.bc.googleusercontent.com (34.96.84.34): icmp_seq=5 ttl=113 time=228 ms
64 bytes from 34.84.96.34.bc.googleusercontent.com (34.96.84.34): icmp_seq=8 ttl=113 time=228 ms
64 bytes from 34.84.96.34.bc.googleusercontent.com (34.96.84.34): icmp_seq=9 ttl=113 time=231 ms
64 bytes from 34.84.96.34.bc.googleusercontent.com (34.96.84.34): icmp_seq=10 ttl=113 time=228 ms
- How can i block user to connect wifi using Cortex in Cortex XDR Discussions
- Problem with the access to the VPN Globalprotect on Android phone in General Topics
- OktaSAML authencation is not working with MacOS Globalprotect in GlobalProtect Discussions
- How to block malicious IP to connect GlobalProtec (Prisma Access) in Prisma Access Discussions
- Palo Alto Session count - Session per second - Connections per Second in General Topics
Show your appreciation!
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
