- Access exclusive content
- Connect with peers
- Share your expertise
- Find support resources
12-16-2024 02:51 AM - edited 12-16-2024 09:00 AM
On an HA pair of PA-460, the commit time is usually around 60 seconds, when changing the DNS settings to something that is not reachable, the commit time changes to 10 minutes+. I've tried replacing the primary but the issue is the same. When I looked at the device server logs there was a continual message with the number incrementing:
debug: pan_tdb_threat_id_hash_find(pan_tcomp_tdb.c:4391): threat_id_hash tid 94952 not found, is it ignored?
and
debug: pan_profile_comp_add_tahash(pan_profile_comp.c:3344): mlav profile_tahsh_insert with tid 52121, appid 0 action 0x300c
This seems to be going through all the threat IDs and maybe this is the reason that the commit has slowed down? If so is there a setting to disable these checks? or speed up the commit time?
12-17-2024 01:23 PM
I'm not aware of any way to really modify how a commit processes without utilizing a commit force, which I don't believe would address this issue at all. Is there a reason why you're changing your DNS settings to servers that aren't accessible?
12-18-2024 12:56 AM
Thanks for your response. I believe the cause is the EDLs. it's for when the internal network is not reachable, and external internet is not accessible.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!