Problem and solution when the URL category query server fails to be connected

0

To locate and rectify the fault that the URL category query server fails to be connected, perform the following steps:
1. Check whether there is a URL remote query license.
Check whether the URL remote query license is enabled and valid on the CLI or web UI.
2.Check whether the networking and the configuration is correct.
a.Run the display url-filter global-configuration command to check whether the server state is Connected. If the state is another value, the server is not connected.
b. Check whether the DNS server is correctly configured and test the connectivity between the device and the website sec.huawei.com. This website is Huawei security upgrade and authentication center. To connect to a URL remote query server, the device must pass authentication on this website. If the device cannot access the website, it cannot connect to the URL remote query server.
c. Check the URL filtering profile.Run the display url-filter global-configuration command to check whether a country name is configured. If no country name is configured for the firewall, it cannot connect to the URL remote query server.
d. Check related configurations on the device.View IPsec and tunnel configurations and check whether connection request packets enter IPsec tunnels. If so, analyze the networking and configuration and ensure that the packets can be correctly sent to the authentication center, scheduling server, and query server.
e. View security policies and check whether security policies have blocked connection request packets.Several special IP addresses and port numbers are involved for URL server connections. Ensure that the packets sent to the URL servers can pass the check of security policies.
f. Check whether the update host source command is configured.This command has an influence on the source address used to connect to the URL remote query server. If this command is configured, the specified interface address serves as the source address of query packets sent to the URL remote query server.If this command is configured, ensure that the packets in response to the packets sent from the specified address to the URL server can be properly forwarded to the device.

Other related questions:
Problem and solution when a KVM fails
Possible cause: The problem occurs when the power supply is unstable and has transient breaks after the reconstruction of the UPS. Solution: 1. Reinsert the USB cable. 2. If the problem persists, restart the KVM. 3. Replace the faulty keyboard and mouse or the KVM. 4. If the problem persists, restart the SVP.

Problem and solution when the heartbeat interfaces of the firewalls fail to be directly connected
Troubleshoot as follows: 1. Check whether the cable is properly connected. 2. Check whether the interface has been added to the security zone. 3. Check whether service-manage ping permit is configured under the interface.

Problem and solution when port mapping on the USG6330 fails
If port mapping fails, check first whether the policy is correct and then view the session table information.

Problem and solution when an SSL VPN user fails to be authenticated by the AD server
You need to change the parameter settings of the import server filter and configure correct user information for SSL VPN role authorization/users. For details, see: USG6600V5R1C30 SSLVPN user login issue

Obtaining the URL category file in the URL filtering function of the firewall
URL categories may be user-defined or predefined. You can either create user-defined categories or use predefined categories to filter URLs. You can configure user-defined categories on the web UI or through the CLI. If there is no initial URL category database on the local device, log in to the security center platform (sec.huawei.com) to download it. On the home page of the website, choose Signature Update > Signature Update. Select information, such as the product model and version number. On the URLINIT tab, download the latest initial URL category database.

If you have more questions, you can seek help from following ways:
To iKnow To Live Chat
Scroll to top