06-03-2010 06:45 AM
Yesterday our PAN started running very slowly i.e. lots of sites taking forever to start loading.
I noticed on Dynamic Updates, for URL filtering I have this error listed:
Error: Failed to get response from device server. Please try again later. |
If I disable URL filtering on my policies everything is working perfectly.
Nothing has changed on the PAN and web/threat/virus updates are occurring sucessfully i.e. outbound connectivity is there.
Any ideas please?
It's running 3.1.2
06-03-2010 06:46 AM
I am having the same problem as well w/the message and it is making me think that may be what caused the PAN to lock up a couple of days ago. If I click on Dynamic Updates a second time then the URL Filtering Status displays properly.
06-03-2010 10:26 AM
Did a remote session with our vendor and Palo direct - seems the daemon (for lack of a better word) that handles all that stuff has died, but due to the time difference no devs were in the offices at PAN to take a look at the logs.
He gave me a command sequence to run to restart the service, not at the office right now to recall what it is, but if someone from PAN is reading this I'm sure they'll have some input.
06-03-2010 10:40 AM
The command is: debug software restart device-server
06-03-2010 12:36 PM
I also have this same error. Was also having an issue when updating - where traffic flowing through the PAN would severely degrade. Working with Warren in support - he had me disable "Dynamic URL Filtering" under the URL Filtering Policy - and that resolved the traffic degradation. Still outstanding on the error - but it comes and goes. I believe the error started after going from 3.1 to 3.1.1 (currently running 3.1.2).
Cheers,
Mike
02-09-2011 09:21 AM
Hello !
I have the same problem with a PA2050 in 3.1.6.
I have try the following command :
debug software restart device-server.
But this command not resolved my problem even if I can see with CLI that the PA2050 update daily his URL DATABASE
it's a known error in this version? I must open a case?
02-09-2011 11:54 AM
Hi,
We'd have to delve deeper into your devsr.logs to help assist with determining root cause. That message is typically denoting an issue when the devsrvr is busy or restarting and the mgtsrvr isn't able to get information from it in the interim. Please open a case with PA Support for further diagnosis.
Thanks,
Renato
02-10-2011 06:25 AM
If the firewall does not have the ability to contact the Brightcloud servers you will see the message "Error: Failed to get response from device server. Please try again later." on the Dynamic Updates page.
Things to consider when debugging:
1. does the management interface have a route to the internet? (routes; NAT, policy based forwarding)
2. does the management interface's route to the internet have any policy that is not allowing web-browsing (TCP:80) and/or SSL (TCP:443)? (security policy; captive portal; URL filtering)
I have seen situations where the firewall had captive portal configured for unknown IP addresses and the URL download/updates failed because there was no policy in the captive portal to allow the management interface IP to be exempted from captive portal. Management IP is not ever going to have a user-to-IP-mapping so unless there is a policy exemption it will be subject to "minimum access" rules that you have configured.
-Benjamin
06-13-2013 01:00 PM
Be careful with this command. Sometimes the restart of the device-server goes wrong requiring an entire reboot. If running in HA mode consider failing over before restarting the Device Server. This is especially true during high utilization.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
