System logs: "CLOUD CONNECTION: cloud not OK" and "PANDB: Authentication or Client Certificate failure"

Created On 06/27/23 01:19 AM - Last Modified 07/26/23 02:33 AM


Symptom


  • The following system log messages are generated:
2023/06/27 08:59:02 high     url-fil        url-clo 0  CLOUD CONNECTION: cloud not OK
2023/06/27 08:59:02 medium   general        general 0  PANDB: Authentication or Client Certificate failure.
2023/06/27 08:54:01 high     url-fil        url-clo 0  CLOUD CONNECTION: cloud not OK
2023/06/27 08:54:01 medium   general        general 0  PANDB: Authentication or Client Certificate failure.
  • The URL database version is not updated.
  • URL lookups return not-resolved (Base db) and cloud-unavailable (Cloud db):
admin@Lab-FW(active)> test url www.google.com

www.google.com not-resolved (Base db) mlav_flag=0, mica_flags=0 expires in 5 seconds
www.google.com cloud-unavailable (Cloud db)


admin@Lab-FW(active)> test url urlfiltering.paloaltonetworks.com/test-command-and-control

urlfiltering.paloaltonetworks.com/test-command-and-control not-resolved (Base db) mlav_flag=0, mica_flags=0 expires in 5 seconds
urlfiltering.paloaltonetworks.com/test-command-and-control cloud-unavailable (Cloud db)
  • Device certificate is expired:
admin@Lab-FW> show device-certificate status


Device Certificate information:
        Current device certificate status: Expired     <<<<<<<<<<<<<
        Not valid before: 2023/03/28 09:08:56 JST
        Not valid after: 2023/06/26 09:08:56 JST       <<<<<<<<<<<<<
        Last fetched timestamp: 2023/06/26 04:47:47 JST
        Last fetched status: failure
        Last fetched info: Failed to renew device certificate.
Invalid request. Authentication failed




 


Environment


  • PAN-OS firewalls with a device certificate.


Cause


  • The device certificate has expired, so the PAN-DB cloud connection fails.


Resolution


  1. Re-fetch the device certificate with the command: request certificate fetch
  2. Alternatively, perform a commit, which also re-fetches the device certificate.
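
A monitoring check for this condition, as an added example (not Palo Alto Networks code): it parses `show device-certificate status` output and system log text in the formats shown under Symptom, flagging an expired or soon-to-expire certificate before PAN-DB lookups start failing. The function names, the 14-day warning window, and the handling of the time zone abbreviation are assumptions; how the CLI text is collected is left to the operator.

```python
from datetime import datetime, timedelta

# Constructed samples in the formats shown under Symptom ("<<<" markers included).
SAMPLE_STATUS = """\
Device Certificate information:
        Current device certificate status: Expired     <<<<<<<<<<<<<
        Not valid before: 2023/03/28 09:08:56 JST
        Not valid after: 2023/06/26 09:08:56 JST       <<<<<<<<<<<<<
        Last fetched timestamp: 2023/06/26 04:47:47 JST
        Last fetched status: failure
"""
SAMPLE_LOGS = """\
2023/06/27 08:59:02 high     url-fil        url-clo 0  CLOUD CONNECTION: cloud not OK
2023/06/27 08:59:02 medium   general        general 0  PANDB: Authentication or Client Certificate failure.
"""
LOG_MARKERS = ("CLOUD CONNECTION: cloud not OK",
               "PANDB: Authentication or Client Certificate failure")

def parse_status(text):
    """Return the 'key: value' fields of the status output, keys lower-cased."""
    fields = {}
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        value = value.split("<<<")[0].strip()  # drop the article's highlight markers
        if sep and value:
            fields[key.strip().lower()] = value
    return fields

def check_certificate(status_text, now, warn_days=14):
    """Classify the certificate as 'expired', 'expiring' or 'ok' at time `now`."""
    f = parse_status(status_text)
    # Assumption: ignore the zone abbreviation (e.g. JST); `now` is firewall-local time.
    stamp = f["not valid after"].rsplit(" ", 1)[0]
    not_after = datetime.strptime(stamp, "%Y/%m/%d %H:%M:%S")
    status = f.get("current device certificate status", "").lower()
    if status == "expired" or now >= not_after:
        return "expired", not_after
    if not_after - now <= timedelta(days=warn_days):
        return "expiring", not_after
    return "ok", not_after

def symptom_logs(log_text):
    """Return the system log lines carrying either message from this article."""
    return [l for l in log_text.splitlines() if any(m in l for m in LOG_MARKERS)]

if __name__ == "__main__":
    state, not_after = check_certificate(SAMPLE_STATUS, datetime(2023, 6, 27, 8, 59, 2))
    print(f"certificate {state} (not valid after {not_after}); "
          f"{len(symptom_logs(SAMPLE_LOGS))} matching system log lines")
```

An "expiring" result is the point at which to run the re-fetch from Resolution, before the certificate lapses.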

