Issues again with Brightcloud Services

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements

Issues again with Brightcloud Services

L4 Transporter

On the 12th of November 2012, I am having issues again with Brightcloud not resolving websites from the cloud dB.  This has happened in the month of October 2012 as well.  The Brightcloud services cannot receive data as well.  All connections look absoutely fine and this just started happening out of the blue.

This is also happening across all my customers causing serious issues...

Can someone from PAN please let us know what is happening with a reason this time...and can this please be looked into ASAP...

Many Thanks

Kalyan

31 REPLIES 31

L2 Linker

it seems that adding brightcould app to allowed apps group resolved that error for me. But it just depends in what IP segments your management consoles address is and if it it shares that segment (and what policies) with something else For me - problem resolved Smiley Happy

L3 Networker

In my case I didn't change anything and it works again:

"description contains 'URL filtering database was upgraded from version 3980 to version 3981 by the auto-update agent'"

Good to know that it's working again for you, porrl, but I'd still like to obtain an explanation from BrightCloud as to what happened here.  Kalyan, please let me know if you're still experiencing an issue.

Thanks,

Doris

L4 Transporter

No changes were done at my end.  Things without adding / modifying any rules or service routes seemed to be fine today so far.  I will leave it monitoring now for a couple of days before adding an extra rule for the brightcloud app.

But again, I would really like to know of what is going wrong with Brightcloud.  I am more curious to know the issue / fault.

Cheers..

Kalyan

Thanks for the update, Kalyan.  I'm happy to hear that things are working for you now, though I'm also very keen on finding the details of what happened here.  I'll continue to work with BrightCloud to see what we can find, and will post any details if they come my way.

--Doris

Thank you Doris..

One the same note; are there issues with the app-id for bit torrent.  It looks like bit torrent as an app when added to a security rule and set to deny is going through on port 80.  This just started happening today.  The same rule was working perfect till date and all of a sudden it decided not to work today.

Nothing has changed in terms of application based security rules apart from downgrading from 4.1.8 to 4.1.7

Cheers..

Kalyan

L4 Transporter

This issue of brightcloud not able to contact for updates on port 80 is back in the haunting again.  What is exactly going wrong..??

The option for adding application Brightcloud or setting the service routes to use the outgoing interface aren't helpful.  In all cases, I get the error cannot contact brightcloud.

Please can I know what is exactly going wrong and when will it be stablised?

Many Thanks

Kalyan

L4 Transporter

Seems like we have the same issue. Adding application brightcloud did not resolve the issue.

We're located in Belgium.

PAN-OS 4.1.8-h3

Updates go through WAN interface.

How do I check what version of brightcloud seed file I currently have (GUI or CLI) ?

Hi Dieter,

You can check what version of BrightCloud you're using in the UI by checking the dashboard under general information.  Alternatively, you can use the CLI command "show system info"

BrightCloud is currently not showing any service outages in Europe:

http://www.brightcloud.com/status/eu.php#service

To eliminate the possibility of DNS TTL, can you (and Kalyan) let me know if you are using your own DNS server or are you using one from your ISP?  Do you know what the cache policy is?  Do they obey DNS TTL?

Thanks,

Doris

URL filtering version on the dashboard is 3987. But how do I know that's the latest available ? On your support website under Dynamic updates, the Brightcloud seed file (if that is the same as URL filtering) doesn't mention a version number (like apps and antivirus do).

Dynamic updates on the device tab in the GUI is hardly a reference, since the checks are failing...

We have our own DNS server with our ISP's configured as forwarders. No DNS proxy on the PA-2020. Not sure about TTL. Can you give a specific domain name and ip it should resolve to? Though I highly doubt it's a DNS issue...

If you go to the BrightCloud website and enter a URL for categorization, part of the information that is returned to you is the latest version of the database:

brightcloud.com/support/lookup.php

I'm not convinced it's a DNS issue, either, but I just want to eliminate the possibility.  BrightCloud load balances using DNS, so if you do not obey DNS TTL, there may be an issue of using older IP addresses.

--Doris

When checking for updates, I see traffic to four IP addresses:

79.125.5.124     (amazon)

208.87.136.247     (webroot)

94.236.25.159     (brightcloud)

64.87.3.54     (complexdrive)

Can you confirm these ?

Logged url for all of them is service.brightcloud.com

Seems plausible for a load balanced DNS...

Thats what my DNS-server tells me aswell (located in Sweden):

;; QUESTION SECTION:

;service.brightcloud.com.       IN      A

;; ANSWER SECTION:

service.brightcloud.com. 300    IN      A       208.87.136.247

service.brightcloud.com. 300    IN      A       79.125.5.124

service.brightcloud.com. 300    IN      A       64.87.3.54

service.brightcloud.com. 300    IN      A       94.236.25.159

Thanks, Dieter.  And just to clarify, when you did the DNS lookup, was that during a time in which you were having issues connecting to BrightCloud?

I am still getting errors in system log:

- Cannot receive data from  'service.brightcloud.com:80' to download BrightCloud URL database <-- this one daily at the same time

- Failed to connect to Brightcloud update server service.brightcloud.com, initiated by X.X.X.X

But on the other hand, my brightcloud version is up to date.

What event would I get on a successful update ?

  • 9434 Views
  • 31 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!