Palo Alto Networks Knowledgebase: PAN-DB Error: URL Database Download Failed

PAN-DB Error: URL Database Download Failed

8701
Created On 02/07/19 23:44 PM - Last Updated 02/07/19 23:45 PM
Device Management Initial Configuration Installation QoS Zone and DoS Protection
Resolution

Issue

The PAN-DB URL database download fails with "URL database download: not available."

panDB.JPG

 

If the system log shows that a certificate error has occurred, the issue may be with the system date on the device. The system log error appears as follows:

"PAN-DB seed loading failed (Error: Peer certificate cannot be authenticated with known CA certificates)"

 

Resolution

Check and correct the date on the system. If the device date or time is off significantly, then the certificate check fails when attempting to connect to the PAN-DB servers.

 

The error can also occur when the PAN-DB database in the cloud is unreachable. Try accessing https://s0000.urlcloud.paloaltonetworks.com from any device through the same connection. As shown below, a "400 Bad Request" error message indicates that the PAN-DB servers are reachable:

400_error.JPG

This error message could also occur if the PAN-DB Cloud application is being denied by a security policy.

To check go to Monitor > Logs >Traffic. Select the filter using “( app eq pan-db-cloud ) “, this should show if PAN-DB Cloud is being denied by a specific security rule:

Screen shot 1.png

 

Modify or create a security rule allowing the application PAN-DB Cloud. Now the URL DB can be downloaded.

Screen shot 2.png

 

owner: mbutt



Attachments
Actions
  • Print
  • Copy Link

    https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000CluQCAS&refURL=http%3A%2F%2Fknowledgebase.paloaltonetworks.com%2FKCSArticleDetail

Attachments
Choose Language