I've been working with the Palo app/addons for Splunk. There is the capability to pull a PCAP directly from a firewall (not Panorama) this way. It seems to fail intermittently on several of our firewalls. The errors are either "URLError: reason: [Errno 110] Connection timed out", "URLError: code: 400 reason: Bad Request", or "URLError: reason: [Errno -2] Name or service not known". We cannot figure out the correlation between failures. The devices are running different versions of the OS, sometimes they're primary/sometimes HA...nothing really makes sense. The logs within the Firewall show a successful authentication, but nothing more. The error codes come from the API hit via Splunk. I'm at a loss. The team opened a support case, but the support team said "Support for issues using the API is provided through the DevCenter" and sent us here. So, here I am. Any ideas?