Seeing an error message show up in the System logs:
"Cloud is not ready, There was no update from the cloud in the last 630 minutes. 04/18 09:49:25"
I have connectivity to updates.paloaltonetworks.com, as the Palo is able to retrieve licenses and any updates, such as dynamic updates, and I am able to 'Check now' in the Software updates tab.
If I run 'tail follow yes mp-log ms.log' whilst checking for software updates I can see I'm successfully connecting to the update server.
Resolving updates.paloaltonetworks.com... 22.214.171.124
Connecting to updates.paloaltonetworks.com|126.96.36.199|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: 71877 (70K) [text/xml]
Saving to: `/opt/pancfg/mgmt/global/upgradeinfo.xml.10009.tmp'
0K . 100% 245K=0.3s
2016-04-18 11:13:35 (245 KB/s) - `/opt/pancfg/mgmt/global/upgradeinfo.xml.10009.tmp' saved [71877/71877]
2016-04-18 11:13:36.782 +0100 No upload information available
2016-04-18 11:13:36.792 +0100 Error: pan_mgmt_get_sysd_string(pan_cfg_status_handler.c:367): failed to fetch cfg.platform.uuid
2016-04-18 11:13:37.417 +0100 No upload information available
2016-04-18 11:13:37.427 +0100 Error: pan_mgmt_get_sysd_string(pan_cfg_status_handler.c:367): failed to fetch cfg.platform.uuid"
I don't think there is much of an issue here, as I can reach the update server, but is it trying to reach something else? What could it be? Not much information on this elsewhere, so I'd like this to be online so people with the same issue can at least find something!
Turns out it's the PAN-DB's cloud that's causing the issue.
show url-cloud status
PAN-DB URL Filtering
License : valid
Cloud connection : not connected
URL database version - device : 2016.01.20.470
URL protocol version - device : pan/0.0.2
admin@CNN054974(active)> test url facebook.com
facebook.com social-networking (Base db) expires in 0 seconds
facebook.com cloud-unavailable (Cloud db)
admin@CNN054974(active)> ping source x.x.x.x host s0000.urlcloud.paloaltonetworks.com
PING s0000.urlcloud.paloaltonetworks.com (188.8.131.52) from x.x.x.x : 56(84) bytes of data.
64 bytes from s0501.urlcloud.paloaltonetworks.com (184.108.40.206): icmp_seq=1 ttl=40 time=233 ms
64 bytes from s0501.urlcloud.paloaltonetworks.com (220.127.116.11): icmp_seq=2 ttl=40 time=233 ms
64 bytes from s0501.urlcloud.paloaltonetworks.com (18.104.22.168): icmp_seq=3 ttl=40 time=233 ms
64 bytes from s0501.urlcloud.paloaltonetworks.com (22.214.171.124): icmp_seq=4 ttl=40 time=233 ms
64 bytes from s0501.urlcloud.paloaltonetworks.com (126.96.36.199): icmp_seq=5 ttl=40 time=233 ms
If I can ping the cloud, but my box is disconnected, what can cause this?
Appreciate the help with this.
Assuming that you have ruled out local network issues and have validated that the Palo Alto Networks device appears to be in good health I would suggest opening a support case.
Our team can help isolate the issue and find a solution and/or workarounds to keep your environment safe and stable.
Just querying to see if anyone has come across this before. This is currently a support case I am working on, but hoped someone with a similar issue would be able to comment.
I will be diagnosing this further tomorrow and will update the post if I find a solution. In the meantime, feel free to add your thoughts if you're currently reading this.
This was a couple of months ago now, but I just wanted to let someone know we resolved this by upgrading to the latest apps and threats version - 550. This exact content version won't resolve future issues now, but it may be a good step to take if the same issue re-appears.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!
The Live Community thanks you for your participation!