Palo Alto Networks

Palo Alto Networks firewalls: Job(s) stuck in pending

Last updated: September 15, 2025

Notice: This blog post was originally published on Indeni before its acquisition by BlueCat.

The content reflects the expertise and perspectives of the Indeni team at the time of writing. While some references may be outdated, the insights remain valuable. For the latest updates and solutions, explore the rest of our blog

Key takeaways

This article describes an indeni alert for Palo Alto Networks Firewalls that detects jobs stuck in the PEND (pending) state for over 30 minutes, highlighting an operational issue where jobs like EBLRefresh and Install may not progress. The technical environment involves indeni periodically running the CLI command "show jobs all" to identify long-running pending jobs and flag affected job names for administrator attention. The outcome advises operators to review the listed jobs, consider stopping and reissuing them, and consult DOC-2259 for more detailed guidance to restore normal job execution and reduce operational impact.

What specific condition triggers this indeni alert for Palo Alto Networks Firewalls?

The alert is triggered when indeni detects one or more jobs on the device that have been in the PEND (pending) state for more than 30 minutes. Indeni determines this by periodically running the firewall CLI command “show jobs all” and checking each job’s status and duration. If any job exceeds the 30-minute pending threshold, the alert lists the affected job names (for example, EBLRefresh or Install) so administrators can investigate and remediate the stalled jobs.

Which jobs were given as examples in the alert and what should an operator do when they see them listed?

The sample alert lists EBLRefresh and Install as affected jobs that have been stuck in PEND. Operators should review those specific jobs for potential issues, which may include examining job details and recent changes that could have blocked progress. The remediation guidance recommends stopping and re-issuing the job if possible. For additional instructions and context, operators are directed to consult DOC-2259 for further information on resolving stuck jobs and restoring normal job processing.

How does indeni check job status on the firewall and where can I find more information?

Indeni checks job status by running the Palo Alto Networks CLI command “show jobs all” on a regular basis and parsing the returned job list and statuses. It specifically looks for jobs in the PEND state and measures how long each has been pending; those exceeding 30 minutes trigger the alert. For more detailed remediation steps and documentation relevant to these stuck jobs, the alert references DOC-2259 as the source for further information and guidance.

This is a real life sample alert from the indeni alert guide for Palo Alto Networks Firewalls.

Description:

One or more jobs running on this device have been stuck in “pending” state for more than 30 minutes.

Affected Jobs:

EBLRefresh
Install

Manual Remediation Steps:
Review the jobs listed above for possible issues. You may want to stop and re-issue the job if possible. For more information read DOC-2259.

How does this alert work?
indeni reviews the current list of jobs on a regular basis by running “show jobs all”. For this alert, indeni looks for jobs that have been stuck in PEND for more than 30 minutes.

Unlock $120K+ in network ROI

Palo Alto Networks firewalls: Job(s) stuck in pending

Related content

How to map your network with user-defined links in Integrity X

Automate your DDI modernization path by migrating with Micetro

Your journey to intelligent NetOps begins at Cisco Live

Replace BIND and ISC with Micetro DNS/DHCP Server (MDDS)