Enhanced Security Measures in Place:   To ensure a safer experience, we’ve implemented additional, temporary security measures for all users.

what's mean counter url_request_pkt_drop?

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements

what's mean counter url_request_pkt_drop?

L3 Networker

Hello guys.

I experienced increasing constantly counter "url_request_pkt_drop" when installed PAN to customer. PAN showed that counter means "the number of packets get dropped because of waiting for url category request"

So I think that means simply packet dropping related URLs when not resolved URLs. I guess packet dropping of URLs that makes problem connecting and browsing particular web. right?

I want to know above counter why increase and when increase and what effect to customer's network.

Thanks.

Regards.

Roh.

1 accepted solution

Accepted Solutions

Retired Member
Not applicable

I think your assessment is basically correct. Question is how much URL lookups are you seeing. If you have a large number that needs to be resolved from the cloud, then the chances of seeing this may increase.

You can enable the URL cache feature. Enabling this option will load a portion of the URL database in memory. If HA is enabled then this would need to be enabled on HA peers. The positive effects of the cache will show up gradually, while the cache is building up.

The CLI commands to enable the URL cache filter are listed below:

admin@PAN(active)> set system setting url-filtering-feature cache true
admin@PAN(active)> set system setting url-filtering-feature filter true

To activate these settings a restart of the device-server is required.

admin@PAN(active)> debug software restart device-server

admin@PA-500> show system setting url-filtering-feature
cfg.url-feature.basedb-cache: True
cfg.url-feature.bloom-filter: True

Regards

-Richard

View solution in original post

3 REPLIES 3

Retired Member
Not applicable

I think your assessment is basically correct. Question is how much URL lookups are you seeing. If you have a large number that needs to be resolved from the cloud, then the chances of seeing this may increase.

You can enable the URL cache feature. Enabling this option will load a portion of the URL database in memory. If HA is enabled then this would need to be enabled on HA peers. The positive effects of the cache will show up gradually, while the cache is building up.

The CLI commands to enable the URL cache filter are listed below:

admin@PAN(active)> set system setting url-filtering-feature cache true
admin@PAN(active)> set system setting url-filtering-feature filter true

To activate these settings a restart of the device-server is required.

admin@PAN(active)> debug software restart device-server

admin@PA-500> show system setting url-filtering-feature
cfg.url-feature.basedb-cache: True
cfg.url-feature.bloom-filter: True

Regards

-Richard

L1 Bithead

url_request_pkt_drop: Is the counter for the number of dropped packets while waiting for a URL categorization from the MP.  If the MP CPU is running high then this would explain the increase in dropped packets while waiting for the MP to respond, but this counter does not reflect if the actual categorization was not found. 

A better counter to look at if worried about the MP not responding and the URL being labeled as not categorized look at:

url_request_timeout: Counter for if the MP does not respond within the timeout for the URL request   

url_cache_not_resolved: URL requests that where not resolved from the MP

You should check the above two counters to see if they are increasing.  

Hi,

How uptodate is this document ? Is this proceedure applicable to 4.1 also ?

Regards,

Sunil

  • 1 accepted solution
  • 5133 Views
  • 3 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!