Use the following CLI command on the firewall to view the connection
status.
show ctd-agent status security-client
show ctd-agent status security-client
...
Security Client ADNS(1)
Current cloud server: qa.adv-dns.service.paloaltonetworks.com:443
Cloud connection: connected
Config:
Number of gRPC connections: 2, Number of workers: 8
Debug level: 2, Insecure connection: false, Cert valid: true, Key valid: true, CA count: 306
Maximum number of workers: 12
Maximum number of sessions a worker should process before reconnect: 10240
Maximum number of messages per worker: 0
Skip cert verify: false
Grpc Connection Status:
State Ready (3), last err rpc error: code = Unavailable desc = unexpected HTTP status code received from server: 502 (Bad Gateway); transport: received unexpected content-type "text/html"
Pool state: Ready (2)
last update: 2024-01-24 11:15:00.549591469 -0800 PST m=+1197474.129493596
last connection retry: 2024-01-23 00:03:09.093756623 -0800 PST m=+1070762.673658768
last pool close: 2024-01-22 14:15:50.36062031 -0800 PST m=+1035523.940522446
Security Client AdnsTelemetry(2)
Current cloud server: io-qa.adv-dns.service.paloaltonetworks.com:443
Cloud connection: connected
Config:
Number of gRPC connections: 2, Number of workers: 8
Debug level: 2, Insecure connection: false, Cert valid: true, Key valid: true, CA count: 306
Maximum number of workers: 12
Maximum number of sessions a worker should process before reconnect: 10240
Maximum number of messages per worker: 0
Skip cert verify: false
Grpc Connection Status:
State Ready (3), last err rpc error: code = Internal desc = stream terminated by RST_STREAM with error code: PROTOCOL_ERROR
Pool state: Ready (2)
last update: 2024-01-24 11:25:58.340198656 -0800 PST m=+1198131.920100772
last connection retry: 2024-01-23 00:03:36.78141425 -0800 PST m=+1070790.361316421
last pool close: 2024-01-22 14:24:26.954340157 -0800 PST m=+1036040.534242289
...
Verify that the cloud connection status for
Security Client
AdnsTelemetry(2)
and
Security Client
ADNS(1)
are showing active connections.
CLI output shortened for brevity.
If you are unable to connect to the Advanced DNS Security cloud service,
verify that the Advanced DNS server is not being blocked:
dns.service.paloaltonetworks.com.