EDL 取取任务无法在主动/被动对中排队
10035
Created On 06/12/19 21:52 PM - Last Modified 03/31/22 19:12 PM
Symptom
- 问题发生在 FQDN 刷新后,我们在ms-logs文件中获取错误"更新错误代码-1"。
2019/03/26 10:10:29 medium general general 0 EDL(PPTR_EDL_Suspicious_Emails) Unable to fetch external dynamic list. Timeout was reached. Using old copy for refresh. 2019/03/26 10:10:29 medium general general 0 EDL(PPTR_EDL_LEGACY) Unable to fetch external dynamic list. Timeout was reached. Using old copy for refresh. 2019/03/26 10:10:29 medium general general 0 EDL(PPTR_EDL_LS_ISAO) Unable to fetch external dynamic list. Timeout was reached. Using old copy for refresh. 2019/03/26 10:10:29 medium general general 0 EDL(PPTR_EDL_TAP) Unable to fetch external dynamic list. Timeout was reached. Using old copy for refresh. 2019/03/26 10:04:20 medium general general 0 FW has lost connection to panorama, no log will be forwarded 2019/03/26 10:04:04 info general general 0 FqdnRefresh job enqueued. Enqueue time=2019/03/26 10:04:04. JobId=303579. . Type: Full 2019/03/29 17:03:53 info general general 0 EDL(PPTR_EDL_TAP) No changes to list file 2019/03/29 17:03:53 medium general general 0 EDL(PPTR_EDL_TAP) Unable to fetch external dynamic list. Timeout was reached. Using old copy for refresh. 2019/03/29 17:03:53 info general general 0 EDL(PPTR_EDL_Suspicious_Emails) No changes to list file 2019/03/29 17:03:53 medium general general 0 EDL(PPTR_EDL_Suspicious_Emails) Unable to fetch external dynamic list. Timeout was reached. Using old copy for refresh.
Environment
- 2 帕洛阿尔托网络防火墙
- 主动/被动
- EDL 配置
- 被动 firewall 配置如下:
- 直接上网
- 同步到对等
Cause
动态更新并不总是显示要同步,这可能会导致我们的多重作业队列问题,我们不能取消。 执行 firewall 这两项任务:被动成员的"下载和安装"和"对等同步",以队列到许多任务。
Resolution
- 如果两个主动/被动防火墙都配置为直接互联网访问并同步到对等,则 管理服务器重新启动或重新启动可解决问题。
- 为了防止此问题再次发生,以及如果我们有两个防火墙的直接互联网接入,请建议取消选中"同步到点"。
Additional Information
QUICK REFERENCE GUIDE: HELPFUL COMMANDS
配置 Firewall 访问外部动态列表
参考: HA 同步