03-22-2017 06:18 AM
I have setup MineMeld on a VM and it seems to be working correctly but, when I setup the EDBL on a PAN firewall and test it, I get a "URL access error" message on the firewall. I can access the feed if I put the URL into a browser and can see the list of addresses.
I get the same error whether using the IP or FQDN as the Source. I've even gone as far as configuring MineMeld with our 3rd-party wildcard certificate in case the self-signed certificate was causing the issue, but this hasn't helped.
Any advice would be appriciated.
03-22-2017 06:34 AM - edited 03-22-2017 06:34 AM
Looks like the issue was caused by our Palo Alto Updates service route set to the external interface and the MineMeld URL being internally accessible only. Changed the serrvice route to default and then the EDBLSource was accessible.
03-22-2017 06:34 AM - edited 03-22-2017 06:34 AM
Looks like the issue was caused by our Palo Alto Updates service route set to the external interface and the MineMeld URL being internally accessible only. Changed the serrvice route to default and then the EDBLSource was accessible.
03-24-2017 01:18 AM
Hi @Ash2k,
I think a possible alternative is using a specific Destination route for the MineMeld IP.
03-28-2017 04:40 AM
Hi Imori,
I did try this at first but got an error when accessing the URL. Have just tested it again with entries for both the IP and FQDN but can only access the URL when the "Palo Alto Updates " service route is set to the internal.
Would have been nice to set a specific destination route and still have Palo Alto Updates going out via the external interface.
Ash
03-29-2017 02:29 AM
Yes, I will talk to PMs about this.
04-16-2017 07:09 PM
When changed service route to default instead of external interface internal IP EDBLSource was accessible but external resolving services didn't work like "dynamic update " . how to fix that
04-18-2017 02:55 AM
Hi @Mohamed-Hakim,
please, could you share more details about your network layout and configuration ?
Thanks,
luigi
11-07-2017 06:32 PM
Thank you, the other way would be to deploy MineMeld in the DMZ so it is reachable from Untrust, but I'd rather not do so.
Is there any reason [security?] why our palo alto consultant configured the "Palo Alto Update Service" to use a specific external interface rather than "default" ?
07-24-2019 09:47 AM
Having an issue with EDL miner output. I am able to see the IPs associated for the output miner when I click on the URL in mindmeld. However if I copy and paste that URL I receive an unauthorized error message and when I click test URL on the firewall I get a URL error message. Any suggestions on correcting this issue.
Thanks
07-25-2019 06:33 AM
Hi @rohill,
the "problem" is that MineMeld on Autofocus by default authenticates accesses to the feeds. You should define credentials to access that feed and associate a tag to it.
More details here: https://live.paloaltonetworks.com/t5/MineMeld-Articles/Connecting-PAN-OS-to-MineMeld-using-External-...
Luigi
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
