MineMeld URL Access Error

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements

MineMeld URL Access Error

L2 Linker

I have setup MineMeld on a VM and it seems to be working correctly but, when I setup the EDBL on a PAN firewall and test it, I get a "URL access error" message on the firewall. I can access the feed if I put the URL into a browser and can see the list of addresses.

 

I get the same error whether using the IP or FQDN as the Source. I've even gone as far as configuring MineMeld with our 3rd-party wildcard certificate in case the self-signed certificate was causing the issue, but this hasn't helped.

 

Any advice would be appriciated.

1 accepted solution

Accepted Solutions

L2 Linker

Looks like the issue was caused by our Palo Alto Updates service route set to the external interface and the MineMeld URL being internally accessible only. Changed the serrvice route to default and then the EDBLSource was accessible.

 

https://live.paloaltonetworks.com/t5/Management-Articles/Dynamic-Block-Lists-DBL-not-working-Service...

View solution in original post

9 REPLIES 9

L2 Linker

Looks like the issue was caused by our Palo Alto Updates service route set to the external interface and the MineMeld URL being internally accessible only. Changed the serrvice route to default and then the EDBLSource was accessible.

 

https://live.paloaltonetworks.com/t5/Management-Articles/Dynamic-Block-Lists-DBL-not-working-Service...

Hi @Ash2k,

I think a possible alternative is using a specific Destination route for the MineMeld IP.

Hi Imori,

 

I did try this at first but got an error when accessing the URL. Have just tested it again with entries for both the IP and FQDN but can only access the URL when the "Palo Alto Updates " service route is set to the internal.

 

Would have been nice to set a specific destination route and still have Palo Alto Updates going out via the external interface.

 

Ash

Yes, I will talk to PMs about this.

When changed service route to default instead of external interface internal IP EDBLSource was accessible but external resolving services didn't work like "dynamic update " . how to fix that

Hi @Mohamed-Hakim,

please, could you share more details about your network layout and configuration ?

 

Thanks,

luigi

Thank you, the other way would be to deploy MineMeld in the DMZ so it is reachable from Untrust, but I'd rather not do so.

Is there any reason [security?] why our palo alto consultant configured the "Palo Alto Update Service" to use a specific external interface rather than "default" ?

Security at the expense of usability comes at the expense of security.

L1 Bithead

Having an issue with EDL miner output.  I am able to see the IPs associated for the output miner when I click on the URL in mindmeld.  However if I copy and paste that URL I receive an unauthorized error message and when I click test URL on the firewall I get a URL error message.  Any suggestions on correcting this issue.  

 

Thanks 

Hi @rohill,

the "problem" is that MineMeld on Autofocus by default authenticates accesses to the feeds. You should define credentials to access that feed and associate a tag to it.

More details here: https://live.paloaltonetworks.com/t5/MineMeld-Articles/Connecting-PAN-OS-to-MineMeld-using-External-...

 

Luigi

  • 1 accepted solution
  • 19153 Views
  • 9 replies
  • 1 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!