PAN-DB is not connect to cloud

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements
Please sign in to see details of an important advisory in our Customer Advisories area.

PAN-DB is not connect to cloud

L4 Transporter

DB Cloud is not connected as i have 9.0.3h3 version. And this command is also not running. Please suggest

 

request url-filtering download paloaltonetworks region <region_name>

Joshan_Lakhani_0-1586860186931.png

 

10 REPLIES 10

Cyber Elite
Cyber Elite

@Joshan_Lakhani,

 

Please check few points like,

 

1. DNS is configured on device and it is working properly.

2. try to ping "s0000.urlcloud.paloaltonetworks.com" from management interface or interface which is customized under Service Route Config.

3. If possible check NTP status as well.

4. Then check download database status by using below command.

 

 

request url-filtering download status vendor brightcloud

 

Hope it helps!

 

Mayur

 

 

M

Thanks you reply 

 

1. DNS is configured on device and it is working properly.

As we have see that dynamic update all are working fine.

2. try to ping "s0000.urlcloud.paloaltonetworks.com" from management interface or interface which is customized under Service Route Config. 

 

Yes it Ping 

3. If possible check NTP status as well.

 

Clock is also configure properly

 

4. Then check download database status by using below command.

request url-filtering download status vendor brightcloud

 

As we have PAN-DB  license so it's bright cloud is working or not.

 

After upgrading from PAN Os 8.1.x to 9.0.3 h3 we are facing this issue please suggest. As i read the some KB file and found that after retrieve license and download DB seed and then activity license is it's help are not.

 

https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClIdCAK

@Joshan_Lakhani,

 

I dont think there is issue with the code. One of my gateway is also on same version since long time and did not faced this issue.

What do you see under system logs by filtering subtype as 'url-filtering'?

 

Also look at below article if it helps you,

https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000PN3LCAW

 

Mayur

M

we cannot see that system logs b/c After three month we have see this issue before it not working.

@Joshan_LakhaniHave you checked the KB article given in my earlier response?

 

Mayur

M

Thank you for reply 

 

As we find this issue in system logs.

And also see the KB which you provide me in previous reply.

 

Joshan_Lakhani_0-1587016913894.png

 

@Joshan_Lakhani,

 

As already said, one of my firewall is running on same version since long time and i am not seeing any such issue with it. When i am checking URL cloud status on it, it is showing connected to cloud server " serverlist.urlcloud.paloaltonetworks.com".

You can try once by manually specifying PAN-DB server under below tab and check if firewall shows connected. Personally i never did this but you can give a try. This  setting is available under Device - Setup - Content-ID.

 

SutareMayur_1-1587022688294.png

 

If you still  face same issue, i would recommend you to connect with support TAC.

 

Mayur

 

"

M

debug device-server pan-url-db cloud-reelect >>Try this.

 

and if you want to know the exact reason behind connectivity issues then check the devsrvr logs

L0 Member

Sorry for the necro but I had similar issue after failing to passive firewall. Cloud was not connected and the below command fixed my issue. This all occurred after a long outage on the core switch and the firewall did not have access out.

"debug software restart process device-server"

PAN OS 9.0.9-h1

 

I hope this helps someone because I looked everywhere and did not run across this command till I opened a TAC case.

 

L0 Member

For me what was causing this was the missing of the app "pan-db-cloud" at the Security Policy rule, hope that help.

  • 20296 Views
  • 10 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!