URL Update failing

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements
Please sign in to see details of an important advisory in our Customer Advisories area.

URL Update failing

L2 Linker

Hello,

i'm having issues updating the URL ,but the threat and content are being updated without problem.

I tried changing dns but see error i get when i force update

May 23 22:54:10 Error: pan_util_lock_process(pan_util.c:1106): Write lock '/tmp/pan_bc_download_lock' failed
May 23 22:54:10 Error: main(pan_bc_download.c:148): Failed to lock process!  Maybe another instance is running.
May 23 22:54:22  ip 64.87.3.54 message RT time 4.485
May 23 22:54:23  ip 94.236.25.159 message RT time 0.483
May 23 22:54:26 Best IP for service.brightcloud.com is 94.236.25.159
May 23 22:54:26 Newer update available...
May 23 22:54:40 Best IP for database.brightcloud.com is 0.0.0.0
May 23 22:54:43 Failed to download 'full_bcdb_3.344.bin'
May 23 22:54:43 Error: pan_bc_download(pan_bc_url.c:1198): Failed to perform download and update
May 23 22:54:43 Error downloading latest URL database

12 REPLIES 12

L5 Sessionator

This error is similar to that experienced by  some 3.1.0 -3.1.1 users trying to download the URL filtering through a proxy.  It is a bug  fixed in 3.1.2.   If this is not your issue, please open a case with Support so that they can troubleshoot.

This has been experienced after upgrading to 3.1.2.

I'll contact Support

Has there been a solution for this yet? I still have the same problem with 3.1.2.

Ron

The original issue was resolved in 3.1.2.  You may need to add a service route to use for DNS requests if you have a layer 3 address on the internet side of the PAN:

Device> Setup> Service Route Configuration

Otherwise, on your internal DNS server you add entries for database.brightcloud.com using the IP’s listed below.

C:\>nslookup database.brightcloud.com 4.2.2.1
Server: vnsc-pri.sys.gtei.net
Address: 4.2.2.1

Non-authoritative answer:
Name: database.brightcloud.com
Addresses: 64.87.3.54, 94.236.25.159

> www.brightcloud.com

Server:  vnsc-pri.sys.gtei.net

Address 4.2.2.1

Non-authoritative answer:

Name:    www.brightcloud.com

Address:  206.188.192.148

Please note, BrightCloud changed the IP address for www.brightcloud.com to the above address on 6/17/2010 and it may take up to 30 hours to propegate the change to public DNS servers.  4.2.2.1 has been updated and customers have been successfully able to download the database when changing their DNS server to that.

It still does not work for me with 3.1.2. Our DNS is fine and the IP addresses are correct for service.brightcloud.com, database.brightcloud.com and www.brightcloud.com. I have also tried to use both an L3 interface and management with the same results. The traffic is making it out to the Internet fine, however this is an example of what the PAN device logs.

Jun 24 08:01:08  ip 64.87.3.54 message RT time 0.075

Jun 24 08:01:08  ip 94.236.25.159 message RT time 0.108

Jun 24 08:01:08 Best IP for service.brightcloud.com is 64.87.3.54

Jun 24 08:01:23 Cannot receive data from  'service.brightcloud.com:80' to download BrightCloud URL database

Jun 24 08:01:23 Error downloading latest URL database

Sometimes it uses the 64 address, other times the 94 one, however the same error occurs for either. The devices have been rebooted several times too, plus I flipped them (running HA) and both have the same issue.
I do not know how the PAN device does it's check for the best IP, however I did a test last week and specifically blocked the IP that was favored (was the 64 address), and even though it did not get a response from and did from the other, the PAN device still said the Best IP was the one that it could not reach. I have since put everything back to normal again and it still fails downloading the URL database.
Ron

Please contact your support provider so that they can troubleshoot this issue with you.

L3 Networker

In my experience, a nightly reboot often helps.

Smiley Wink

I recently had a very similar issue.  It turned out to be because my update traffic was passing through the a captive portal on another PAN box.  I was using redirect on the CP and for some reason that was causing a problem with the URL updates.  I added a rule to my CP policy that exempted the other PAN box and the update went fine after that.  The other updates (software & content) went through the CP fine.  I haven't looked into this any further to determine exactly what was going on, but I did notice that the other updates use only SSL while the URL update uses HTTP first and then SSL for the actual download.  I hope this helps.

Currently having the same problem, it may appear that there is an upstream "Transparent Proxy" that your ISP is using.

You may want to try this link to see if there is one in place and investigate with your ISP

http://www.lagado.com/proxy-test

This is the current situation I think I have and am waiting on the ISP to see if there is a way we can bypass it all together for the brightcloud servers.

Will keep you posted.

Marc

L1 Bithead

Same issue here, seems to be an database.brightcloud.com problem,

supposingly to much traffic. Looks like an "connection reset" issue.

Sometimes the download stops at 2-7%, sometimes it goes up to 70%

and then fails.

On of my HA-Peers worked fine after a couple of retrys, the other one

fails for hours. So a "Proxy-Problem" can be excluded. Both PAN's

run on 3.1.3.

Hope PaloAlto gets rid of this problem soon.

Please provide the serial numbers of devices experiencing this latency problem and we'll submit them to BrightCloud to investigate.

Nancy Rice

Technical Support

Palo Alto Networks

1-866-898-9087

L4 Transporter

Have the same problem for one of our customers.

Error message when trying to update the brightcloud database.

After some researching in this forum and on the network it was obvious that this had to be a proxy problem.

The PaloAlto management ip is on a network that is behind an Microsoft Threat Gateway.

When we turned of the proxy filtering the brightcloud update was successful.

But turning of the filtering everytime we need to update the url database is not an acceptable solution.

Is it possible to force the paloalto to contact https (port 443) for service.brightcloud.com instead of http?

The proxy filtering only runs on port 80.

How can we solve this in another way? Do you have any fixes planned for this to work?

ps. other updates works fine (application, threats, antivirus)

Forgot to mention that this PaloAlto runs version 3.1.4.

Jo Christian

Message was edited by: jochristian

/Jo Christian
  • 5569 Views
  • 12 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!