Palo Alto Networks Knowledgebase: Testing WildFire Registration Fails Immediately on Passive HA Peer

Testing WildFire Registration Fails Immediately on Passive HA Peer

3390
Created On 02/08/19 00:06 AM - Last Updated 02/08/19 00:06 AM
WildFire
Resolution

Symptom

On the passive HA peer, testing WildFire registration with the test wildfire registration CLI command will fail immediately with the following output:

> test wildfire registration
This test may take a few minutes to finish. Do you want to continue? (y or n)

Test wildfire
wildfire registration:         failed

 

To verify the vardata-receiver debug log, use the following CLI command:

> less mp-log varrcvr.log

 

This command will not show any debug entries concerning attempts to register. Any packet captures taken will show the Palo Alto Networks firewall never attempts to connect to any WildFire server (no outbound TCP connection over port 443 to wildfire.paloaltonetworks.com).

 

Cause

This occurs because WildFire registration will not take place on a passive HA peer. Failover the HA pair to make the system active and test registration again.

 

owner: nmassman



Attachments
Actions
  • Print
  • Copy Link

    https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClgLCAS&refURL=http%3A%2F%2Fknowledgebase.paloaltonetworks.com%2FKCSArticleDetail

Attachments
Choose Language