Error:
An unexpected error occurred. Please click Reload to try again.
Error:
An unexpected error occurred. Please click Reload to try again.
EDL Fetch task fails to get Queued in Active/Passive pair - Knowledge Base - Palo Alto Networks

EDL Fetch task fails to get Queued in Active/Passive pair

10035
Created On 06/12/19 21:52 PM - Last Modified 03/31/22 19:12 PM


Symptom


  • The issue occurs after FQDN Refresh, which we get error "update error code -1" within the ms-logs files.
 
2019/03/26 10:10:29 medium general general 0 EDL(PPTR_EDL_Suspicious_Emails) Unable to fetch external dynamic list. Timeout was reached. Using old copy for refresh.
2019/03/26 10:10:29 medium general general 0 EDL(PPTR_EDL_LEGACY) Unable to fetch external dynamic list. Timeout was reached. Using old copy for refresh.
2019/03/26 10:10:29 medium general general 0 EDL(PPTR_EDL_LS_ISAO) Unable to fetch external dynamic list. Timeout was reached. Using old copy for refresh.
2019/03/26 10:10:29 medium general general 0 EDL(PPTR_EDL_TAP) Unable to fetch external dynamic list. Timeout was reached. Using old copy for refresh.

2019/03/26 10:04:20 medium general general 0 FW has lost connection to panorama, no log will be forwarded
2019/03/26 10:04:04 info general general 0 FqdnRefresh job enqueued. Enqueue time=2019/03/26 10:04:04. JobId=303579. . Type: Full

2019/03/29 17:03:53 info general general 0 EDL(PPTR_EDL_TAP) No changes to list file
2019/03/29 17:03:53 medium general general 0 EDL(PPTR_EDL_TAP) Unable to fetch external dynamic list. Timeout was reached. Using old copy for refresh.
2019/03/29 17:03:53 info general general 0 EDL(PPTR_EDL_Suspicious_Emails) No changes to list file
2019/03/29 17:03:53 medium general general 0 EDL(PPTR_EDL_Suspicious_Emails) Unable to fetch external dynamic list. Timeout was reached. Using old copy for refresh.


 


Environment


  • 2 Palo Alto Networks Firewalls
  • Active/Passive
  • EDL configured
  • Passive firewall has the following configured: 
    • Direct Internet Access
    • Sync To Peer


Cause


Dynamic updates don't always show to be synchronized which may be causing our Multiple Jobs Queued issue, which we can't cancel. Having the firewall perform both tasks: "Download and Install" and "sync-to-peer" on the passive member to queue to many tasks. 

 


Resolution


To prevent this issue from occurring again, and if we have "Direct Internet Access" for both firewalls, we recommend to uncheck "Sync-To-Peer.".
 



Additional Information




Actions
  • Print
  • Copy Link

    https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000PM93CAG&lang=en_US&refURL=http%3A%2F%2Fknowledgebase.paloaltonetworks.com%2FKCSArticleDetail

Choose Language