01-02-2013 06:32 AM
Hello all,
Last week I did the upgrade on my PA 2020 box from 4.18 to the latest 5.0.1 version. Today is the first day that most of the staff are back in and I have noticed that a lot of people are requesting websites to be unblocked. Having looked at the logs these URL's that are being blocked are showing as URL category not-resolved. This is causing us a bit of a headache as the web rules are based on category, but without going and requesting catagory changes on all these URL's or manually going and adding them to the allow URL list is there anything else I can do?
Is this something anybody else has noticed or is it just me?
01-03-2013 11:11 AM
Hi JR,
The "not-resolved" category means that your data plane has not received an answer from the management plane/BrightCloud server in the set timeout period (default of 5 seconds). This could either mean that the BrightCloud servers are down, an issue with your network connection (for connecting to the BrightCloud servers), or something else between the data plane and management plane. Since this was working for you before, I'm assuming there's nothing wrong with your network connection. BrightCloud has not reported any server outages in the last few days, so I suspect that there may be something else going on with your device. If you haven't already, please open a ticket with Support so that we can further troubleshoot.
Thanks,
Doris
01-02-2013 09:21 AM
Hi J R,
Check if you have dynamic URL filtering enabled under the URL filtering profile
If not try enabling that. Here are details on that Dynamic URL filtering
Select to enable dynamic URL categorization.
Here is another doc that might further clarify things
https://live.paloaltonetworks.com/docs/DOC-3685
In addition to enabling the Dynamic URL filtering and committing.
Do the following from the CLI
> configure
# set deviceconfig setting url dynamic-url yes
> clear url-cache all
> delete dynamic-url host all
Hopefully this helps.
Thank you
Numan
01-02-2013 09:31 AM
Hi Mbutt,
Thanks for that info. I already have Dynamic Filtering enabled, but I will try do the CLI commands you suggested.
I have also logged a call with my support and they have had the same issue off of the URL's we have had this issue with.
01-02-2013 11:07 AM
JR,
Just a quick check - has your URL filtering license expired?
--Doris
01-03-2013 12:45 AM
Hi Doris,
No, the license is good until end of Sept 2013
01-03-2013 07:50 AM
I tried the CLI commands (the exact same ones my support ppl suggested) but no joy. Seem to be getting quite a few websites that are getting this not-resolved category.
Am I really the only person who is noticing this? Or does everyone else use some other way of doing security rules for allow/block lists other then URL categories?
01-03-2013 11:11 AM
Hi JR,
The "not-resolved" category means that your data plane has not received an answer from the management plane/BrightCloud server in the set timeout period (default of 5 seconds). This could either mean that the BrightCloud servers are down, an issue with your network connection (for connecting to the BrightCloud servers), or something else between the data plane and management plane. Since this was working for you before, I'm assuming there's nothing wrong with your network connection. BrightCloud has not reported any server outages in the last few days, so I suspect that there may be something else going on with your device. If you haven't already, please open a ticket with Support so that we can further troubleshoot.
Thanks,
Doris
06-05-2013 01:29 PM
Hello,
Does "not-resolved" status have the same indication within PANDB?
Thanks!
Mike
06-05-2013 01:34 PM
Hi Mike,
Yes, "not-resolved" means the same thing in both BrightCloud and PAN-DB. If you see this category come up, it means that there was either an issue connecting to the server (BrightCloud or PAN-DB), or that your MP may have been overloaded at the time and the DP exceeded the default waiting period (5 seconds) for an answer back from the MP.
--Doris
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
