11-12-2012 04:30 AM
On the 12th of November 2012, I am having issues again with Brightcloud not resolving websites from the cloud dB. This has happened in the month of October 2012 as well. The Brightcloud services cannot receive data as well. All connections look absoutely fine and this just started happening out of the blue.
This is also happening across all my customers causing serious issues...
Can someone from PAN please let us know what is happening with a reason this time...and can this please be looked into ASAP...
Many Thanks
Kalyan
11-14-2012 04:22 AM
it seems that adding brightcould app to allowed apps group resolved that error for me. But it just depends in what IP segments your management consoles address is and if it it shares that segment (and what policies) with something else For me - problem resolved 
11-14-2012 09:33 AM
In my case I didn't change anything and it works again:
"description contains 'URL filtering database was upgraded from version 3980 to version 3981 by the auto-update agent'"
11-14-2012 10:22 AM
Good to know that it's working again for you, porrl, but I'd still like to obtain an explanation from BrightCloud as to what happened here. Kalyan, please let me know if you're still experiencing an issue.
Thanks,
Doris
11-14-2012 11:12 AM
No changes were done at my end. Things without adding / modifying any rules or service routes seemed to be fine today so far. I will leave it monitoring now for a couple of days before adding an extra rule for the brightcloud app.
But again, I would really like to know of what is going wrong with Brightcloud. I am more curious to know the issue / fault.
Cheers..
Kalyan
11-14-2012 11:35 AM
Thanks for the update, Kalyan. I'm happy to hear that things are working for you now, though I'm also very keen on finding the details of what happened here. I'll continue to work with BrightCloud to see what we can find, and will post any details if they come my way.
--Doris
11-14-2012 11:54 AM
Thank you Doris..
One the same note; are there issues with the app-id for bit torrent. It looks like bit torrent as an app when added to a security rule and set to deny is going through on port 80. This just started happening today. The same rule was working perfect till date and all of a sudden it decided not to work today.
Nothing has changed in terms of application based security rules apart from downgrading from 4.1.8 to 4.1.7
Cheers..
Kalyan
11-21-2012 09:38 AM
This issue of brightcloud not able to contact for updates on port 80 is back in the haunting again. What is exactly going wrong..??
The option for adding application Brightcloud or setting the service routes to use the outgoing interface aren't helpful. In all cases, I get the error cannot contact brightcloud.
Please can I know what is exactly going wrong and when will it be stablised?
Many Thanks
Kalyan
11-22-2012 02:00 AM
Seems like we have the same issue. Adding application brightcloud did not resolve the issue.
We're located in Belgium.
PAN-OS 4.1.8-h3
Updates go through WAN interface.
How do I check what version of brightcloud seed file I currently have (GUI or CLI) ?
11-22-2012 09:56 AM
Hi Dieter,
You can check what version of BrightCloud you're using in the UI by checking the dashboard under general information. Alternatively, you can use the CLI command "show system info"
BrightCloud is currently not showing any service outages in Europe:
http://www.brightcloud.com/status/eu.php#service
To eliminate the possibility of DNS TTL, can you (and Kalyan) let me know if you are using your own DNS server or are you using one from your ISP? Do you know what the cache policy is? Do they obey DNS TTL?
Thanks,
Doris
11-22-2012 11:52 PM
URL filtering version on the dashboard is 3987. But how do I know that's the latest available ? On your support website under Dynamic updates, the Brightcloud seed file (if that is the same as URL filtering) doesn't mention a version number (like apps and antivirus do).
Dynamic updates on the device tab in the GUI is hardly a reference, since the checks are failing...
We have our own DNS server with our ISP's configured as forwarders. No DNS proxy on the PA-2020. Not sure about TTL. Can you give a specific domain name and ip it should resolve to? Though I highly doubt it's a DNS issue...
11-22-2012 11:59 PM
If you go to the BrightCloud website and enter a URL for categorization, part of the information that is returned to you is the latest version of the database:
brightcloud.com/support/lookup.php
I'm not convinced it's a DNS issue, either, but I just want to eliminate the possibility. BrightCloud load balances using DNS, so if you do not obey DNS TTL, there may be an issue of using older IP addresses.
--Doris
11-23-2012 12:32 AM
When checking for updates, I see traffic to four IP addresses:
79.125.5.124 (amazon)
208.87.136.247 (webroot)
94.236.25.159 (brightcloud)
64.87.3.54 (complexdrive)
Can you confirm these ?
Logged url for all of them is service.brightcloud.com
Seems plausible for a load balanced DNS...
11-23-2012 12:56 AM
Thats what my DNS-server tells me aswell (located in Sweden):
;; QUESTION SECTION:
;service.brightcloud.com. IN A
;; ANSWER SECTION:
service.brightcloud.com. 300 IN A 208.87.136.247
service.brightcloud.com. 300 IN A 79.125.5.124
service.brightcloud.com. 300 IN A 64.87.3.54
service.brightcloud.com. 300 IN A 94.236.25.159
11-23-2012 09:45 AM
Thanks, Dieter. And just to clarify, when you did the DNS lookup, was that during a time in which you were having issues connecting to BrightCloud?
11-25-2012 11:36 PM
I am still getting errors in system log:
- Cannot receive data from 'service.brightcloud.com:80' to download BrightCloud URL database <-- this one daily at the same time
- Failed to connect to Brightcloud update server service.brightcloud.com, initiated by X.X.X.X
But on the other hand, my brightcloud version is up to date.
What event would I get on a successful update ?
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
