System logs report "CURL ERROR: OpenSSL SSL_connect: SSL_ERROR_SYSCALL in connection to serverlist2.urlcloud.paloaltonetworks.com:443"

• URL categorization configured on the Firewall Security Policy
• The categorization fails with "Not Resolved" in the URL filtering logs.
• The system logs report "CURL ERROR: OpenSSL SSL_connect: SSL_ERROR_SYSCALL in connection to serverlist2.urlcloud.paloaltonetworks.com:443"
• The status of the PAN-DB URLs in the URL filtering logs shows as "not resolved."

serverlist.urlcloud.paloaltonetworks.com
serverlist2.urlcloud.paloaltonetworks.com
s0000.urlcloud.paloaltonetworks.com
updates.paloaltonetworks.com

• URL cloud status also shows as "not connected"

(active)> show url-cloud status

PAN-DB URL Filtering
License :                          valid
Cloud connection :                 not connected
URL database version - device :    0000.00.00.000
URL protocol version - device :    pan/0.0.

• Next-Gen firewalls
• Supported PAN OS
• Management connectivity to PANDB Cloud is via the Data plane
• URL license enabled

• Management interface connectivity to the internet is currently routed through the dataplane.
• The security policy designed to permit the PAN-DB cloud connection is has the URL category.
• Because the firewall lacks an initial connection to the PAN-DB cloud, it cannot identify the URL category, preventing the security policy from ever matching.
• Consequently, the management interface remains unable to connect to the URL cloud due to the absence of a functional security policy.

1. Configure an open security policy to allow the management traffic to reach internet.
2. The other secure option is to configure security policy to allow the management traffic to above listed PANDB cloud URLs.

N/A