How to clear URL cache in management and data plane?
33628
Created On 04/16/20 15:13 PM - Last Modified 01/08/24 16:07 PM
Objective
A URL's verdict in the cloud or test-a-site is benign, but my Firewall is blocking this URL as malware or a non-benign category. How do I fix it?
Environment
- All supported PAN-OS version
- A valid URL filtering license
- Or a valid advanced URL filtering license
Procedure
One reason is the Firewall still has the old verdict from before, and the Firewall cache is not cleared.
- Could you check the status of the URL on your Firewall?
-
>>test url http://urlfiltering.paloaltonetworks.com/test-high-risk urlfiltering.paloaltonetworks.com/test-high-risk not-resolved (Base db) mlav_flag=0 expires in 5 seconds urlfiltering.paloaltonetworks.com/test-high-risk computer-and-internet-info high-risk (Cloud db) >> url-info-host http://urlfiltering.paloaltonetworks.com/test-high-risk http://urlfiltering.paloaltonetworks.com/test-high-risk: Doesn't exist in the URL DB >>test url-info-cloud http://urlfiltering.paloaltonetworks.com/test-high-risk BM:urlfiltering.paloaltonetworks.com/test-high-risk,9,6,computer-and-internet-info,high-risk If Firewall has URL in cache: >> test url http://urlfiltering.paloaltonetworks.com/test-high-risk urlfiltering.paloaltonetworks.com/test-high-risk computer-and-internet-info high-risk (Base db) mlav_flag=1, mica_flags=16777233 expires in 291 seconds urlfiltering.paloaltonetworks.com/test-high-risk computer-and-internet-info high-risk (Cloud db)
- Clear the specific URL from the MP plane cache:
delete url-database URL <URL> Example: delete url-database url http://urlfiltering.paloaltonetworks.com/test-high-risk URL http://urlfiltering.paloaltonetworks.com/test-high-risk deleted
- Clear specified URL from data plane cache:
clear url-cache URL <your URL> Example: clear url-cache url http://urlfiltering.paloaltonetworks.com/test-high-risk http://urlfiltering.paloaltonetworks.com/test-high-risk was deleted from DP cache
Note: - For PAN-OS 9.0, you should always clear the cache for the top-level domain.
- For example, if you have a URL such as "second.first.TLD.com," then clear on the top-level domain as "clear url-cache URL TLD.com"
- Once you clear the URL cache, the URL will not remove from the DP cache, it only changes the URL verdict to not-resolved and expired. In this case, the next query on that domain will download the updated verdict, and you will see the new verdict.
- For PAN-OS >=10.0, this process is fast, and you will see the new verdict immediately.
Additional Information
Note: Here is KB article of different testing pages.