On the passive HA peer, the "show wildfire status" command shows that the device is not registered. This persists even after initiating the registration process with the request wildfire registration command.
admin@PA-220(passive)> show wildfire status channel public
Connection info:
Signature verification: enable
Server selection: enable
File cache: enable
WildFire Public Cloud:
Server address: wildfire.paloaltonetworks.com
Best server:
Device registered: no <<<
Through a proxy: no
Valid wildfire license: yes
Service route IP address:
Global status: Disabled due to configuration
Count of available workers: 0
Available worker indices:
...
vardata-receiver log (even with debug enabled) will not show any debug entries concerning attempts to register.
> less mp-log varrcvr.log
Packet captures taken will show the Palo Alto Networks firewall never attempts to connect to any WildFire server (no outbound TCP connection over port 443 to WildFire server).
Environment
Palo Alto Firewalls
Active Passive High Availability (HA) Setup
Supported PAN-OS
WildFire
Cause
WildFire registration will not take place on a passive HA peer. Thus, it is normal for the passive device to remain unregistered while being passive.
Resolution
When the device becomes active, it triggers the request and the device gets registered automatically.