Palo Alto Networks Knowledgebase: What Happens if the Server Configured for Dynamic Block Lists Becomes Unreachable?

What Happens if the Server Configured for Dynamic Block Lists Becomes Unreachable?

2470
Created On 02/07/19 23:42 PM - Last Updated 02/07/19 23:42 PM
Resolution

The Palo Alto Networks device will retain the last successfully retrieved list and continue operating with the current information until the connection is restored with the server where the block list resides.

Details

The EBLRefresh job which occurs at the frequency specified in the configuration will show the following warning if connectivity to the server is lost: EBL(vsys1/test) Unable to fetch external list.  Using old copy for refresh.

For example:

  • Run show jobs all to see all the jobs, and look for the EBLRefresh job.

  • If the job id for EBLRefresh is determined, then run show jobs id <id number>
    > show jobs id 343
    Enqueued               ID      Type        Status  Result  Completed
    ---------------------------------------------------------------------
    2013/03/25 19:45:48    343     EBLRefresh   FIN      OK    19:48:19
    Warnings: Details:EBL(vsys1/test) Unable to fetch external list. Using old copy for refresh.

Note: The last successfully refreshed copy is also retained in the following scenarios:

  1. Management Plane Restart.
  2. Data Plane Restart.
  3. Device Reboot.
  4. Software Upgrade/Downgrade

owner: sraghunandan



Attachments
Actions
  • Print
  • Copy Link

    https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000Cm14CAC&refURL=http%3A%2F%2Fknowledgebase.paloaltonetworks.com%2FKCSArticleDetail

Attachments
Choose Language