URL Categorization suddenly failing as not-resolved for Google search URLs

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements
Palo Alto Networks Approved
Palo Alto Networks Approved
Community Expert Verified
Community Expert Verified

URL Categorization suddenly failing as not-resolved for Google search URLs

L6 Presenter

Is anyone else seeing sudden failures in URL categorization for Google searches? Starting within the last hour or so we are seeing intermittent blocks as not-resolved for search URLs, but not for the Google homepage or any other websites (that I have been able to find so far). Initial error seem to be a HTTP2 compression error to the Google server, followed by not-resolved categorization for any search URLs in the form https://www.google.com/search?q=test.... After a few minutes it works again for a couple tries, then goes back to not-resolved.

2023-09-06_135545.png

 

URL-cloud database connection is valid and updating normally. No other errors in the PA logs that I can find. Anyone seeing similar?

 

Edit: Also seeing not-resolved errors for https://www.google.com/maps URLs as well.

1 accepted solution

Accepted Solutions

L0 Member

Hi Everyone,

Just an update, engineering team has applied the short-term fix, and you shouldn't see the 'not-resolved' issue constantly, they will be working on permanent fix to fundamentally resolve the Pandb cloud performance issue caused by massive google URL publishing and this fix will be transparent to customers in future. So right now, you can start to undo the workaround implemented ( whitelisted *.google.com URLs, Increase Category lookup timeout (sec) values) if you prefer.

Thanks!

View solution in original post

15 REPLIES 15

L0 Member

Yes, we started seeing the same thing on any Google Search page as of about 4:40PM Eastern.  Opening a ticket now.

We're experiencing the same issue. 

L6 Presenter

Yes, digging thru my PA logs even deeper. Seeing it started at 13:03 GMT-7 (with a few more intermittent in the 11:30-12:30 range), for URLs:

www.google.com/search?

www.google.com/maps/

www.google.com/recapcha/

www.google.com/?gws_id=

www.google.com/url?

chat.google.com/

accounts.google.com/

play.google.com/

adservice.google.com/

meet.google.com/

analytics.google.com/

mail.google.com/

 

 

L0 Member

Same here.  Although news.google.com is working. I noticed they have set their TTL to 300 secs.

L0 Member

Yup.  Ticket is open with support.  Just updated all my filters that had it set to "continue" to "alert" for the time being to avoid user issue calls.  Don't want to leave it that way for long, but at least it works for the moement.

L6 Presenter

Yeah, I was going to possibly add www.google.com/ to my custom URL category allow filter for the time being. In discussions with our Infosec department. Don't want to leave it that way for long, but it is a simple bypass in the mean time.

L0 Member

thanks going to give this a try. We noticed it was happening with URLs with extended lengths but still under the 256 character limit. Started at the same time yesterday as everyone else.

L0 Member

Hi Everyone,

Just an update, engineering team has applied the short-term fix, and you shouldn't see the 'not-resolved' issue constantly, they will be working on permanent fix to fundamentally resolve the Pandb cloud performance issue caused by massive google URL publishing and this fix will be transparent to customers in future. So right now, you can start to undo the workaround implemented ( whitelisted *.google.com URLs, Increase Category lookup timeout (sec) values) if you prefer.

Thanks!

Yes, I saw this a bit earlier today. This morning it was still showing up as "not-resolved" in the local cache:

 

adrian.admin@PA-HA(active)> test url www.google.com/search

www.google.com/search not-resolved (Base db)expires in 5 seconds
www.google.com/search search-engines low-risk (Cloud db)

adrian.admin@PA-HA(active)> test url-info-host www.google.com/search

www.google.com/search: Doesn't exist in the URL DB

adrian.admin@PA-HA(active)> test url-info-cloud www.google.com/search

BM:
google.com/search,9,5,search-engines,low-risk
google.com/search?q=community+first+foundation+site:coloradogivesfoundation.org%26rlz=1c1gceb%5fenus848us848%26sa=x%26ve  d=2ahukewid0j394j3%5fahxredqihtntcluqran6bagteae%26cshid=1685474396026528,9,5,society,low-risk

 

 

Then this afternoon it started showing up as matching the cloud category but doesn't actually exist in the local DB (though it somehow shows as cached with an expiration date in an overall query...). Seems like they pushed something that always cancels local caching for the google.com URLs.

 

adrian.admin@PA-HA(active)> test url www.google.com/search

www.google.com/search search-engines low-risk (Base db)expires in 1650 seconds
www.google.com/search search-engines low-risk (Cloud db)

adrian.admin@PA-HA(active)> test url-info-host www.google.com/search

www.google.com/search: Doesn't exist in the URL DB

adrian.admin@PA-HA(active)> test url-info-cloud www.google.com/search

BM:
google.com/search,9,5,search-engines,low-risk
google.com/search?q=community+first+foundation+site:coloradogivesfoundation.org%26rlz=1c1gceb%5fenus848us848%26sa=x%26ved=2ahukewid0j394j3%5fahxredqihtntcluqran6bagteae%26cshid=1685474396026528,9,5,society,low-risk

 

 

We have undone our temporary fix and so far not seen any issues.

L2 Linker

Hi Team

 

Is there any update for this issue, the same issue is faced by on of my customer as well.

 

Regards

Roney Rajan

It happened again. Google.com is not resolving. Looks like it's mostly related to docs.google.com and drive.google.com 

 

Put temp fix back in place. 

L6 Presenter

15min or so it was not working for a couple minutes, but has already resolved itself.

 

I have seen this multiple times over the last few weeks as it will temporarily not resolve for a minute and then work normally again. It looks like PA still has the temporary patch in. Not sure if they are testing patch removal or the patch fails momentarily from time to time.

L2 Linker

Hi @Adrian_Jensen @ahameed @therealpackerhacker @fmedranoIII 

 

I am also facing the same issue and affecting the business as well, is there any permanent fix for this issue or not?

My PAN-OS version is 10.1.9-h3

Regards

Roney Rajan

  • 1 accepted solution
  • 9315 Views
  • 15 replies
  • 4 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!