How to clear URL cache in management and data plane?

How to clear URL cache in management and data plane?

33628
Created On 04/16/20 15:13 PM - Last Modified 01/08/24 16:07 PM


Objective


A URL's verdict in the cloud or test-a-site is benign, but my Firewall is blocking this URL as malware or a non-benign category. How do I fix it? 

Environment


  • All supported PAN-OS version
  • A valid URL filtering license 
  • Or a valid advanced URL filtering license

Procedure


One reason is the Firewall still has the old verdict from before, and the Firewall cache is not cleared. 
  • Could you check the status of the URL on your Firewall?
  • >>test url http://urlfiltering.paloaltonetworks.com/test-high-risk
urlfiltering.paloaltonetworks.com/test-high-risk not-resolved (Base db) mlav_flag=0 expires in 5 seconds
urlfiltering.paloaltonetworks.com/test-high-risk computer-and-internet-info high-risk (Cloud db)

>> url-info-host http://urlfiltering.paloaltonetworks.com/test-high-risk
http://urlfiltering.paloaltonetworks.com/test-high-risk: Doesn't exist in the URL DB

>>test url-info-cloud http://urlfiltering.paloaltonetworks.com/test-high-risk
BM:urlfiltering.paloaltonetworks.com/test-high-risk,9,6,computer-and-internet-info,high-risk

If Firewall has URL in cache:
>> test url http://urlfiltering.paloaltonetworks.com/test-high-risk
urlfiltering.paloaltonetworks.com/test-high-risk computer-and-internet-info high-risk (Base db) mlav_flag=1, mica_flags=16777233 expires in 291 seconds
urlfiltering.paloaltonetworks.com/test-high-risk computer-and-internet-info high-risk (Cloud db)
  • Clear the specific URL from the MP plane cache: 
    delete url-database URL <URL>
Example:
delete url-database url http://urlfiltering.paloaltonetworks.com/test-high-risk
URL http://urlfiltering.paloaltonetworks.com/test-high-risk deleted
  • Clear specified URL from data plane cache: 
    clear url-cache URL  <your URL>
Example: 
clear url-cache url http://urlfiltering.paloaltonetworks.com/test-high-risk
http://urlfiltering.paloaltonetworks.com/test-high-risk was deleted from DP cache

    Note:
  • For PAN-OS 9.0, you should always clear the cache for the top-level domain.
    • For example, if you have a URL such as "second.first.TLD.com,"  then clear on the top-level domain as  "clear url-cache URL TLD.com" 
  • Once you clear the URL cache, the URL will not remove from the DP cache, it only changes the URL verdict to not-resolved and expired. In this case, the next query on that domain will download the updated verdict, and you will see the new verdict.
  • For PAN-OS >=10.0, this process is fast, and you will see the new verdict immediately. 

Additional Information


Note: Here is KB article of different testing pages.
Other users also viewed:
Actions
  • Print
  • Copy Link

    https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000PPeYCAW&refURL=http%3A%2F%2Fknowledgebase.paloaltonetworks.com%2FKCSArticleDetail

Choose Language