DLP plugin error during commit Unable to connect to API gateway. (28, 'Resolving timed out after 30000 milliseconds')

DLP plugin error during commit Unable to connect to API gateway. (28, 'Resolving timed out after 30000 milliseconds')

1336
Created On 02/19/25 16:47 PM - Last Modified 05/03/25 03:00 AM


Symptom


  • Commit fails with error "Unable to connect to API gateway. (28, 'Resolving timed out after 30000 milliseconds')"
Profile Bulk CCN error: Unable to connect to API gateway. (28, 'Resolving timed out after 30000 milliseconds')
push_dlp_config_to_cloud failed
Failed plugin validation
  • DNS resolution fails indicating connectivity issues. In this example it displays "System error"
Panorama> ping host api.gpcloudservice.com
ping: api.gpcloudservice.com: System error

Panorama> ping host hawkeye.services-edge.paloaltonetworks.com
ping: hawkeye.services-edge.paloaltonetworks.com: System error 

 

Environment


  • Panorama
  • DLP plugin installed 

Cause


DNS or connectivity to api.gpcloudservice.com, hawkeye.services-edge.paloaltonetworks.com is not working.

Resolution


  1. Ensure the DNS services and the connectivity to the FQDNs work correctly.  Modify the traffic policy if necessary .
  2. Refer to the PreRequesites for Enterprise DLP.
  3. If the issue still persists, Reset the DLP plugin config on Panorama CLI, followed by a commit to resolve the error/issue: 
Panorama> request plugin dlp reset
Panorama> configure
# commit
  1. It can take some time for dlp plugin to synchronize with Palo Alto Networks Cloud.
  2. If the issue is still not resolved, open a support case.

Additional Information


Note: DLP plugin logs are too confirm the commit-validate errors

Panormama>less plugins-log plugin_dlp.log

2025-02-18 06:53:13.391 -0500 INFO: [commit-validate] Profile type predefined, name Bulk CCN send to enforcer 2025-02-18 06:53:13.394 -0500 INFO: [commit-validate] Accessing DLP URL : https://enforcer-hawkeye.services-edge.paloaltonetworks.com:443/v2/dlp/plugin-data-profile/1234235346
2025-02-18 06:53:13.394 -0500 INFO: [commit-validate] data is {"name": "Bulk CCN", "tenant_id": "4089838725449128448", "profile_id": 11995003, "panorama_version": "10.2.7", "rule1": {"action": "alert", "response_page": "This file has dlp issues", "show_rsp_page": "no"}, "direction": "both", "file_type": ["asm", "c_cpp-hdr", "c_cpp-src", "cpp-hdr", "cpp-src", "csharp", "csv", "doc", "docx", "gzip", "java-src", "jpeg-upload", "js", "matlab/obj-c", "pdf", "pl", "powershell", "png-upload", "ppt", "pptx", "py", "r", "rtf", "ruby", "tif", "txt-upload", "vbs", "verilog", "vhdl", "vsd", "vsdx", "vsdm", "xls", "xlsx", "7z"], "log_severity": "low", "version": 3, "file-based": "yes", "non-file-based": "no"}
2025-02-18 06:53:53.433 -0500 ERROR: [commit-validate] Tenant: 4089838725449128448, Result: fail, Message: Unable to connect to API gateway. (28, 'Resolving timed out after 30000 milliseconds')
2025-02-18 06:53:53.434 -0500 ERROR: [commit-validate] update data profiles failure {'result': 'fail', 'message': "Unable to connect to API gateway. (28, 'Resolving timed out after 30000 milliseconds')"}



    Other users also viewed:
    Actions
    • Print
    • Copy Link

      https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA14u000000PREmCAO&lang=en_US&refURL=http%3A%2F%2Fknowledgebase.paloaltonetworks.com%2FKCSArticleDetail