External Dynamic List is not getting refreshed - HTTP error 302

Created On 07/25/23 15:18 PM - Last Modified 02/14/24 00:54 AM


Symptom


  • When an existing EDL hosted on an external server is changed or updated, the firewall is not able to refresh the updated EDL.
  • As a result, the desired traffic is not processed correctly.
  • Because the firewall cannot refresh the updated EDL, it keeps using an existing old copy of the EDL.
configd.log (less mp-log configd.log)
Error: ebl_fetch_url_from_remote_libcurl(pan_cfg_ebl.c:2617): EDL vsys1:Malware_IP_list_EDL curl_easy_perform passed, http error(302)
Error: ebl_verify_fetched_copy(pan_cfg_ebl.c:2932): EDL entry(0x559016d14000, 0x5590750d6000, 0x559081184e00 vsys1/Malware_IP_list_EDL, 1, 1 ip) No valid entries found. No error
Error: ebl_update_local_file(pan_cfg_ebl.c:3247): EDL entry(0x559016d14000, 0x5590750d6000, 0x559081184e00 vsys1/Malware_IP_list_EDL, 1, 1 ip) Unable to fetch external dynamic list. No error. Using old copy for refresh.



 


Environment




Cause


  • The firewall is receiving a redirect response from the server instead of the list itself.
  • This can be seen in the configd log (less mp-log configd.log) as "http error(302)".


Resolution


  1. Redirections (HTTP error 302) are not supported by Palo Alto firewalls on EDL configuration.
  2. Reconfigure the server to ensure no redirects are sent to Palo Alto firewalls.
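
After reconfiguring the server, the EDL URL can be checked for redirects from any host that can reach it. The following is an added example, not a Palo Alto Networks tool: it issues a single GET without following redirects and reports the status and Location header. The names check_edl_url, edl_verdict and start_demo_server are hypothetical, and the local server with its /old and /edl.txt paths is constructed so the example runs offline.

```python
import http.client
import threading
from http.server import BaseHTTPRequestHandler, HTTPServer
from urllib.parse import urlsplit

def check_edl_url(url, timeout=5):
    """One GET, redirects NOT followed. Returns (status, Location header)."""
    u = urlsplit(url)
    cls = http.client.HTTPSConnection if u.scheme == "https" else http.client.HTTPConnection
    conn = cls(u.hostname, u.port, timeout=timeout)
    try:
        conn.request("GET", (u.path or "/") + ("?" + u.query if u.query else ""))
        resp = conn.getresponse()
        resp.read()
        return resp.status, resp.getheader("Location")
    finally:
        conn.close()

def edl_verdict(url):
    status, location = check_edl_url(url)
    if 300 <= status < 400:  # any redirect, including the 302 from the article
        return f"REDIRECT {status} -> {location}"
    return "OK" if status == 200 else f"HTTP {status}"

class _DemoHandler(BaseHTTPRequestHandler):
    # Constructed local server: /old answers 302, /edl.txt serves a sample list.
    def do_GET(self):
        if self.path == "/old":
            self.send_response(302)
            self.send_header("Location", "/edl.txt")
            body = b""
        else:
            self.send_response(200)
            body = b"192.0.2.10\n198.51.100.0/24\n"  # constructed entries
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        self.wfile.write(body)

    def log_message(self, *args):  # keep the demo quiet
        pass

def start_demo_server():
    srv = HTTPServer(("127.0.0.1", 0), _DemoHandler)
    threading.Thread(target=srv.serve_forever, daemon=True).start()
    return srv, f"http://127.0.0.1:{srv.server_port}"

if __name__ == "__main__":
    srv, base = start_demo_server()
    print(edl_verdict(base + "/old"), "|", edl_verdict(base + "/edl.txt"))
    srv.shutdown()
```

A REDIRECT result for the URL configured on the firewall corresponds to the "http error(302)" entry in configd.log; the Location value shows where the server is sending clients.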


Additional Information


Refer also: Unable To Fetch External Dynamic Lists (EDL) Due To A Timeout Or Connection Error
