Symptom
- The issue occurs after an FQDN refresh, and we get the error "update error code -1" in the ms-logs file.
2019/03/26 10:10:29 medium general general 0 EDL(PPTR_EDL_Suspicious_Emails) Unable to fetch external dynamic list. Timeout was reached. Using old copy for refresh.
2019/03/26 10:10:29 medium general general 0 EDL(PPTR_EDL_LEGACY) Unable to fetch external dynamic list. Timeout was reached. Using old copy for refresh.
2019/03/26 10:10:29 medium general general 0 EDL(PPTR_EDL_LS_ISAO) Unable to fetch external dynamic list. Timeout was reached. Using old copy for refresh.
2019/03/26 10:10:29 medium general general 0 EDL(PPTR_EDL_TAP) Unable to fetch external dynamic list. Timeout was reached. Using old copy for refresh.
2019/03/26 10:04:20 medium general general 0 FW has lost connection to panorama, no log will be forwarded
2019/03/26 10:04:04 info general general 0 FqdnRefresh job enqueued. Enqueue time=2019/03/26 10:04:04. JobId=303579. . Type: Full
2019/03/29 17:03:53 info general general 0 EDL(PPTR_EDL_TAP) No changes to list file
2019/03/29 17:03:53 medium general general 0 EDL(PPTR_EDL_TAP) Unable to fetch external dynamic list. Timeout was reached. Using old copy for refresh.
2019/03/29 17:03:53 info general general 0 EDL(PPTR_EDL_Suspicious_Emails) No changes to list file
2019/03/29 17:03:53 medium general general 0 EDL(PPTR_EDL_Suspicious_Emails) Unable to fetch external dynamic list. Timeout was reached. Using old copy for refresh.
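Added example (not part of the original article and not vendor code): a small Python parser for the system-log format shown above. It reports which EDLs fell back to an old copy and whether a FqdnRefresh job was enqueued shortly before. The 15-minute correlation window and the function names are assumptions of this example.

```python
import re
from datetime import datetime, timedelta

# System-log lines copied from the Symptom section, in the order shown there.
SAMPLE_LOG = """\
2019/03/26 10:10:29 medium general general 0 EDL(PPTR_EDL_Suspicious_Emails) Unable to fetch external dynamic list. Timeout was reached. Using old copy for refresh.
2019/03/26 10:10:29 medium general general 0 EDL(PPTR_EDL_LEGACY) Unable to fetch external dynamic list. Timeout was reached. Using old copy for refresh.
2019/03/26 10:10:29 medium general general 0 EDL(PPTR_EDL_TAP) Unable to fetch external dynamic list. Timeout was reached. Using old copy for refresh.
2019/03/26 10:04:20 medium general general 0 FW has lost connection to panorama, no log will be forwarded
2019/03/26 10:04:04 info general general 0 FqdnRefresh job enqueued. Enqueue time=2019/03/26 10:04:04. JobId=303579. . Type: Full
2019/03/29 17:03:53 info general general 0 EDL(PPTR_EDL_TAP) No changes to list file
2019/03/29 17:03:53 medium general general 0 EDL(PPTR_EDL_TAP) Unable to fetch external dynamic list. Timeout was reached. Using old copy for refresh.
"""

# Timestamp, severity, three fields this script ignores, then the message.
LINE = re.compile(r"^(\d{4}/\d\d/\d\d \d\d:\d\d:\d\d) (\S+) \S+ \S+ \S+ (.*)$")
EDL_TIMEOUT = re.compile(r"^EDL\(([^)]+)\) Unable to fetch external dynamic list\. Timeout was reached\.")
FQDN_JOB = re.compile(r"^FqdnRefresh job enqueued\..*JobId=(\d+)")

def parse(text):
    """Return (timestamp, severity, message) tuples in chronological order."""
    events = []
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if m:
            ts = datetime.strptime(m.group(1), "%Y/%m/%d %H:%M:%S")
            events.append((ts, m.group(2), m.group(3)))
    return sorted(events)

def stale_edls(text, window=timedelta(minutes=15)):
    """Per EDL: timeout count, last timeout, and the FqdnRefresh jobs that
    were enqueued within `window` (an assumed value) before a timeout."""
    events = parse(text)
    jobs = [(ts, j.group(1)) for ts, _, msg in events if (j := FQDN_JOB.match(msg))]
    report = {}
    for ts, _, msg in events:
        m = EDL_TIMEOUT.match(msg)
        if not m:
            continue
        entry = report.setdefault(m.group(1), {"timeouts": 0, "last": None, "fqdn_jobs": set()})
        entry["timeouts"] += 1
        entry["last"] = ts
        entry["fqdn_jobs"] |= {jid for jts, jid in jobs if timedelta(0) <= ts - jts <= window}
    return report

if __name__ == "__main__":
    for name, e in sorted(stale_edls(SAMPLE_LOG).items()):
        print(f"{name}: {e['timeouts']} timeout(s), last {e['last']}, FqdnRefresh job(s): {sorted(e['fqdn_jobs']) or '-'}")
```

An EDL that keeps appearing in this report is being enforced from an old copy, so entries added to the source list since the last successful fetch are not yet in policy.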
Environment
- 2 Palo Alto Networks firewalls
- Active/Passive
- EDL configured
- The passive firewall is configured as follows:
Cause
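Dynamic updates do not always show as synchronized, which can lead to multiple jobs being queued that we cannot cancel.
The firewall performs both tasks, "Download and Install" on the passive member and "Sync to Peer", which queues up many jobs.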
Resolution
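- If both Active/Passive firewalls are configured with direct internet access and Sync to Peer, a management server restart or a reboot resolves the issue.
- To prevent this issue from recurring, and if both firewalls have direct internet access, it is recommended to uncheck "Sync to Peer".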
Additional Information
QUICK REFERENCE GUIDE: HELPFUL COMMANDS
Configure the Firewall to Access an External Dynamic List
Reference: HA Synchronization