10-15-2019 02:53 PM
I have a couple of firewalls that are running Pan-OS 9.0.3 that I cannot get the pandb-database to install and update. At least I cannot prove that it is downloading and active. Until 9/30/19, the 9.0 docs for this were the same as the 8.1 docs. According to the new docs, it looks like PANDB is active, but when I check the status on 9.0, it shows a DB version of 0000.00.00.000. Below are the results from the command "show url-cloud status" for my 9.0 and 8.1 firewalls.
9.0
PAN-DB URL Filtering
License : valid
Cloud connection : not connected
URL database version - device : 0000.00.00.000
URL protocol version - device : pan/0.0.2
8.1
PAN-DB URL Filtering
License : valid
Cloud connection : not connected
URL database version - device : 20190909.20113
URL protocol version - device : pan/0.0.2
When I look in monitor for the 8.1 firewall, I can see url-categories. On the 9.0 firewall, the only url-categories I get are "any" and "not-resolved". That is another indicator that is showing that I do not have a url-database.
I have tried several things, especially when the 9.0 docs were not up to date, including trying to manually install using "request url-filtering install pandb-database", which fails because there is no image uploaded. But, if you try to download the database using the "request url-filtering download" command, you can no longer specify "request url-filtering download paloaltonetworks region North-America", in 9.0 once you get to download in the command, the only options available (just pressing tab) comes out with "request url-filtering download status vendor brightcloud".
I have the exact same issue on two different 9.0 firewalls, so it does not seem to be something with the firewall, and I have tried this with 9.0.3 and currently with 9.0.3-h3, same results.
Unfortunately, I cannot take the firewalls down to 8.1.x and then run the update/download because we are using GRE tunnels on these firewalls, so that is not a viable option.
