- Get Started
- News & Events
- Collaboration
- Education Services
- Technologies
- Next-Generation Firewall
- GlobalProtect
- Threat Prevention Services
- Endpoint Protection
- SSL Decryption
- App-ID
- Content-ID
- User-ID
- 5G
- IoT Security
- Cloud Identity Engine
- Panorama
Network Security
- Prisma Access
- Prisma Cloud
- Prisma SD-WAN
- CN-Series
- VM-Series:
- Private Cloud
- OCI
- Alibaba
- AWS
- GCP
- Azure
Cloud Security
- Cortex XDR
- Cortex XSOAR
- Cortex Data Lake
- Cortex Xpanse
Security Operations
- Resources
- COVID-19 Response Center
dns-signature cloud service connection refused.
- LIVEcommunity
- Collaboration
- Discussions
- General Topics
- Re: dns-signature cloud service connection refused.
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Printer Friendly Page
dns-signature cloud service connection refused.
- Mark as New
- Subscribe to RSS Feed
- Permalink
- Email to a Friend
- Report This Content
10-06-2020 05:22 AM
Greetings:
I am seeing in the System Log the following message "dns-signature cloud service connection refused" Checking the traffic logs the management IP address is not being blocked. Where do I look to resolve this error message? Thank you.
- Mark as New
- Subscribe to RSS Feed
- Permalink
- Email to a Friend
- Report This Content
10-06-2020 06:42 AM
This also happens if connection to cloud is refused.
Make sure Firewall management interface has connection to cloud
Try this command
show dns-proxy dns-signature info
Regards
- Mark as New
- Subscribe to RSS Feed
- Permalink
- Email to a Friend
- Report This Content
10-06-2020 09:39 AM
MP18:
Here is the results of the command. The firewall has Internet access but for some reason cannot connect to the cloud service?
show dns-proxy dns-signature info
Cloud URL: dns.service.paloaltonetworks.com:443
Last Result: Timeout was reached ( 11 sec ago )
Last Server Address:
Parameter Exchange: Interval 1800 sec
Whitelist Refresh: Interval 86400 sec ( Due 83823 sec )
Request Waiting Transmission: 0
Request Pending Response: 0
Cache Size: 8
ping host dns.service.paloaltonetworks.com
PING dns.service.paloaltonetworks.com (130.211.8.196) 56(84) bytes of data.
^C
--- dns.service.paloaltonetworks.com ping statistics ---
12 packets transmitted, 0 received, 100% packet loss, time 11013ms
ping host updates.paloaltonetworks.com
PING updates.gcp.gslb.paloaltonetworks.com (34.96.84.34) 56(84) bytes of data.
64 bytes from 34.84.96.34.bc.googleusercontent.com (34.96.84.34): icmp_seq=1 ttl=113 time=231 ms
64 bytes from 34.84.96.34.bc.googleusercontent.com (34.96.84.34): icmp_seq=3 ttl=113 time=229 ms
64 bytes from 34.84.96.34.bc.googleusercontent.com (34.96.84.34): icmp_seq=4 ttl=113 time=227 ms
64 bytes from 34.84.96.34.bc.googleusercontent.com (34.96.84.34): icmp_seq=5 ttl=113 time=228 ms
64 bytes from 34.84.96.34.bc.googleusercontent.com (34.96.84.34): icmp_seq=8 ttl=113 time=228 ms
64 bytes from 34.84.96.34.bc.googleusercontent.com (34.96.84.34): icmp_seq=9 ttl=113 time=231 ms
64 bytes from 34.84.96.34.bc.googleusercontent.com (34.96.84.34): icmp_seq=10 ttl=113 time=228 ms
- Mark as New
- Subscribe to RSS Feed
- Permalink
- Email to a Friend
- Report This Content
10-06-2020 11:28 AM
show dns-proxy dns-signature info
Cloud URL: dns.service.paloaltonetworks.com:443
Last Result: Timeout was reached ( 11 sec ago )
Last Server Address:
Parameter Exchange: Interval 1800 sec
Whitelist Refresh: Interval 86400 sec ( Due 83823 sec )
Request Waiting Transmission: 0
Request Pending Response: 0
Cache Size: 8
ping host dns.service.paloaltonetworks.com
PING dns.service.paloaltonetworks.com (130.211.8.196) 56(84) bytes of data.
^C
--- dns.service.paloaltonetworks.com ping statistics ---
12 packets transmitted, 0 received, 100% packet loss, time 11013ms
ping host updates.paloaltonetworks.com
PING updates.gcp.gslb.paloaltonetworks.com (34.96.84.34) 56(84) bytes of data.
64 bytes from 34.84.96.34.bc.googleusercontent.com (34.96.84.34): icmp_seq=1 ttl=113 time=231 ms
64 bytes from 34.84.96.34.bc.googleusercontent.com (34.96.84.34): icmp_seq=3 ttl=113 time=229 ms
64 bytes from 34.84.96.34.bc.googleusercontent.com (34.96.84.34): icmp_seq=4 ttl=113 time=227 ms
64 bytes from 34.84.96.34.bc.googleusercontent.com (34.96.84.34): icmp_seq=5 ttl=113 time=228 ms
64 bytes from 34.84.96.34.bc.googleusercontent.com (34.96.84.34): icmp_seq=8 ttl=113 time=228 ms
64 bytes from 34.84.96.34.bc.googleusercontent.com (34.96.84.34): icmp_seq=9 ttl=113 time=231 ms
64 bytes from 34.84.96.34.bc.googleusercontent.com (34.96.84.34): icmp_seq=10 ttl=113 time=228 ms
- Mark as New
- Subscribe to RSS Feed
- Permalink
- Email to a Friend
- Report This Content
10-06-2020 11:42 AM
MP:
Here is the output of the command. The firewall does have Internet access and can resolve DNS queries.
show dns-proxy dns-signature info
Cloud URL: dns.service.paloaltonetworks.com:443
Last Result: Timeout was reached ( 11 sec ago )
Last Server Address:
Parameter Exchange: Interval 1800 sec
Whitelist Refresh: Interval 86400 sec ( Due 83823 sec )
Request Waiting Transmission: 0
Request Pending Response: 0
Cache Size: 8
ping host dns.service.paloaltonetworks.com
PING dns.service.paloaltonetworks.com (130.211.8.196) 56(84) bytes of data.
^C
--- dns.service.paloaltonetworks.com ping statistics ---
12 packets transmitted, 0 received, 100% packet loss, time 11013ms
ping host updates.paloaltonetworks.com
PING updates.gcp.gslb.paloaltonetworks.com (34.96.84.34) 56(84) bytes of data.
64 bytes from 34.84.96.34.bc.googleusercontent.com (34.96.84.34): icmp_seq=1 ttl=113 time=231 ms
64 bytes from 34.84.96.34.bc.googleusercontent.com (34.96.84.34): icmp_seq=3 ttl=113 time=229 ms
64 bytes from 34.84.96.34.bc.googleusercontent.com (34.96.84.34): icmp_seq=4 ttl=113 time=227 ms
64 bytes from 34.84.96.34.bc.googleusercontent.com (34.96.84.34): icmp_seq=5 ttl=113 time=228 ms
64 bytes from 34.84.96.34.bc.googleusercontent.com (34.96.84.34): icmp_seq=8 ttl=113 time=228 ms
64 bytes from 34.84.96.34.bc.googleusercontent.com (34.96.84.34): icmp_seq=9 ttl=113 time=231 ms
64 bytes from 34.84.96.34.bc.googleusercontent.com (34.96.84.34): icmp_seq=10 ttl=113 time=228 ms
- Mark as New
- Subscribe to RSS Feed
- Permalink
- Email to a Friend
- Report This Content
01-04-2021 04:10 AM
I have the identical issue, have you been able to resolve it?
- Mark as New
- Subscribe to RSS Feed
- Permalink
- Email to a Friend
- Report This Content
01-04-2021 04:19 AM
I worked with TAC and we were not able to resolve the issue. The firewall is located in China so we believe the issue had to do with "The Firewall of China". The issue since has resolved itself.
- Mark as New
- Subscribe to RSS Feed
- Permalink
- Email to a Friend
- Report This Content
01-04-2021 04:41 AM
I'll open a TAC case also since the Timeout enhancement has not helped.
Tnx!
- Mark as New
- Subscribe to RSS Feed
- Permalink
- Email to a Friend
- Report This Content
01-25-2021 09:45 PM
It seems you have to enable paloalto-dns-security app.
- GlobalProtect on internal connection does not display loginID in General Topics
- GlobalProtect "Connect Before Logon" not working with Duo SSO in GlobalProtect Discussions
- Does enforce users to connect GP option works with internal host detection? in GlobalProtect Discussions
- XDR Analytics "Failed Connections" alert investigation in Cortex XDR Discussions
- Global Protect The network connection is unreachable in VM-Series in the Public Cloud
Show your appreciation!
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
