Long commit times when changing DNS settings

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Long commit times when changing DNS settings

L2 Linker

On an HA pair of PA-460, the commit time is usually around 60 seconds, when changing the DNS settings to something that is not reachable, the commit time changes to 10 minutes+. I've tried replacing the primary but the issue is the same. When I looked at the device server logs there was a continual message with the number incrementing:

 

debug: pan_tdb_threat_id_hash_find(pan_tcomp_tdb.c:4391): threat_id_hash tid 94952 not found, is it ignored?

 

and

 

debug: pan_profile_comp_add_tahash(pan_profile_comp.c:3344): mlav profile_tahsh_insert with tid 52121, appid 0 action 0x300c

 

This seems to be going through all the threat IDs and maybe this is the reason that the commit has slowed down? If so is there a setting to disable these checks? or speed up the commit time?

3 REPLIES 3

Cyber Elite
Cyber Elite

@s0lselcia,

I'm not aware of any way to really modify how a commit processes without utilizing a commit force, which I don't believe would address this issue at all. Is there a reason why you're changing your DNS settings to servers that aren't accessible?

Thanks for your response. I believe the cause is the EDLs. it's for when the internal network is not reachable, and external internet is not accessible.

Cyber Elite
Cyber Elite

Hello,

Do you have a lot of objects that are DNS based? Also in the logs, do you have the check box for resolve DNS checked?

 

Just thinking out loud.

 

Regards,

  • 314 Views
  • 3 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!