09-24-2014 01:05 AM
guys,
i have a problem in our Palo alto 5050, it shows a lot of URL websites with Category "unknown", although it shows the right category type on bright cloud website,
any help ??,
Regards,
09-24-2014 02:46 PM
AhmedSheta you can change the default cache time to a shorter interval. By default this is set to a week. I like to reduce this to one day. This prevents the issues you have here with newly categorized sites not being properly recognized.
Updates in url filtering may be delayed by days in application to sessions
09-24-2014 01:23 AM
Hello AhmedSheta,
By default, any newly registered domain will be "unknown" in PAN-DB until Palo Alto Networks reviews, either manually by the analysis/threat team, or through the crawler (triggered on some event). Once an "unknown" is seen on the Palo Alto Networks servers, it will be put into a prioritized queue for crawling and classification. Once Palo Alto Networks determines a category, it will be included in the next database refresh.
Enable global setting to force dynamic-url lookup:
# set deviceconfig setting url dynamic-url yes
# commit
You may clear the cache with CLI command:
> clear url-cache all
Few related discussions/doc for your reference:
Many 'Unknown' Entries In URL Log
User Web Traffic Categorized as Unknown
Hope this helps.
Thanks
09-24-2014 01:55 AM
thanks so much for your reply,
but our problem is like below :
when you test the url on cli using test url ......
it shows the category,
but on the url filtering logs it shows like that
so any help ???
09-24-2014 02:05 AM
Could you please follow the DOC and clear cache from both data-plane and management-plane: How to Handle a URL Miscategorization
Thanks
09-24-2014 02:22 AM
Any progress on this...?
Thanks
09-24-2014 02:57 AM
it works, but should i do this everytime manually when i see unknown traffic, why the palo alto is not directly adjust it,
Regards,
09-24-2014 04:45 AM
Hello AhmedSheta,
The device will automatically refresh it's cache table with updated information from the cloud. There is a process that executes the attempts to see if any cached entry in the DP URL cache has been updated with new on-device database.
Can be manually cleared using the following CLI command from Managaement-Plane:
> deletedynamic-url <argument>
Can manually set dynamic URL cache timeout value through the following CLI command:
> debug device-server reset url dynamic-url-timeout <1-43200>
Can be manually cleared using the following CLI command from Data-Plane:
> clear url-cache
Thanks
09-24-2014 02:46 PM
AhmedSheta you can change the default cache time to a shorter interval. By default this is set to a week. I like to reduce this to one day. This prevents the issues you have here with newly categorized sites not being properly recognized.
Updates in url filtering may be delayed by days in application to sessions
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
