05-24-2010 12:17 PM
i'm having issues updating the URL ,but the threat and content are being updated without problem.
I tried changing dns but see error i get when i force update
May 23 22:54:10 Error: pan_util_lock_process(pan_util.c:1106): Write lock '/tmp/pan_bc_download_lock' failed
May 23 22:54:10 Error: main(pan_bc_download.c:148): Failed to lock process! Maybe another instance is running.
May 23 22:54:22 ip 188.8.131.52 message RT time 4.485
May 23 22:54:23 ip 184.108.40.206 message RT time 0.483
May 23 22:54:26 Best IP for service.brightcloud.com is 220.127.116.11
May 23 22:54:26 Newer update available...
May 23 22:54:40 Best IP for database.brightcloud.com is 0.0.0.0
May 23 22:54:43 Failed to download 'full_bcdb_3.344.bin'
May 23 22:54:43 Error: pan_bc_download(pan_bc_url.c:1198): Failed to perform download and update
May 23 22:54:43 Error downloading latest URL database
05-24-2010 03:40 PM
This error is similar to that experienced by some 3.1.0 -3.1.1 users trying to download the URL filtering through a proxy. It is a bug fixed in 3.1.2. If this is not your issue, please open a case with Support so that they can troubleshoot.
05-24-2010 08:43 PM
This has been experienced after upgrading to 3.1.2.
I'll contact Support
06-18-2010 06:50 AM
Has there been a solution for this yet? I still have the same problem with 3.1.2.
06-18-2010 11:19 AM
The original issue was resolved in 3.1.2. You may need to add a service route to use for DNS requests if you have a layer 3 address on the internet side of the PAN:
Device> Setup> Service Route Configuration
Otherwise, on your internal DNS server you add entries for database.brightcloud.com using the IP’s listed below.
C:\>nslookup database.brightcloud.com 18.104.22.168
Addresses: 22.214.171.124, 126.96.36.199
Please note, BrightCloud changed the IP address for www.brightcloud.com to the above address on 6/17/2010 and it may take up to 30 hours to propegate the change to public DNS servers. 188.8.131.52 has been updated and customers have been successfully able to download the database when changing their DNS server to that.
06-24-2010 05:19 AM
It still does not work for me with 3.1.2. Our DNS is fine and the IP addresses are correct for service.brightcloud.com, database.brightcloud.com and www.brightcloud.com. I have also tried to use both an L3 interface and management with the same results. The traffic is making it out to the Internet fine, however this is an example of what the PAN device logs.
Jun 24 08:01:08 ip 184.108.40.206 message RT time 0.075
Jun 24 08:01:08 ip 220.127.116.11 message RT time 0.108
Jun 24 08:01:08 Best IP for service.brightcloud.com is 18.104.22.168
Jun 24 08:01:23 Cannot receive data from 'service.brightcloud.com:80' to download BrightCloud URL database
Jun 24 08:01:23 Error downloading latest URL database
06-24-2010 03:44 PM
Please contact your support provider so that they can troubleshoot this issue with you.
07-01-2010 05:46 AM
I recently had a very similar issue. It turned out to be because my update traffic was passing through the a captive portal on another PAN box. I was using redirect on the CP and for some reason that was causing a problem with the URL updates. I added a rule to my CP policy that exempted the other PAN box and the update went fine after that. The other updates (software & content) went through the CP fine. I haven't looked into this any further to determine exactly what was going on, but I did notice that the other updates use only SSL while the URL update uses HTTP first and then SSL for the actual download. I hope this helps.
07-16-2010 06:22 AM
Currently having the same problem, it may appear that there is an upstream "Transparent Proxy" that your ISP is using.
You may want to try this link to see if there is one in place and investigate with your ISP
This is the current situation I think I have and am waiting on the ISP to see if there is a way we can bypass it all together for the brightcloud servers.
Will keep you posted.
07-29-2010 06:46 AM
Same issue here, seems to be an database.brightcloud.com problem,
supposingly to much traffic. Looks like an "connection reset" issue.
Sometimes the download stops at 2-7%, sometimes it goes up to 70%
and then fails.
On of my HA-Peers worked fine after a couple of retrys, the other one
fails for hours. So a "Proxy-Problem" can be excluded. Both PAN's
run on 3.1.3.
Hope PaloAlto gets rid of this problem soon.
07-29-2010 08:53 AM
Please provide the serial numbers of devices experiencing this latency problem and we'll submit them to BrightCloud to investigate.
Palo Alto Networks
10-08-2010 04:48 AM
Have the same problem for one of our customers.
Error message when trying to update the brightcloud database.
After some researching in this forum and on the network it was obvious that this had to be a proxy problem.
The PaloAlto management ip is on a network that is behind an Microsoft Threat Gateway.
When we turned of the proxy filtering the brightcloud update was successful.
But turning of the filtering everytime we need to update the url database is not an acceptable solution.
Is it possible to force the paloalto to contact https (port 443) for service.brightcloud.com instead of http?
The proxy filtering only runs on port 80.
How can we solve this in another way? Do you have any fixes planned for this to work?
ps. other updates works fine (application, threats, antivirus)
Forgot to mention that this PaloAlto runs version 3.1.4.
Message was edited by: jochristian
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!