Palo Alto Networks Knowledgebase: Testing WildFire Registration Fails Immediately on Passive HA Peer
Testing WildFire Registration Fails Immediately on Passive HA Peer
Created On 02/08/19 00:06 AM - Last Updated 02/08/19 00:06 AM
On the passive HA peer, testing WildFire registration with the test wildfire registration CLI command will fail immediately with the following output:
> test wildfire registration This test may take a few minutes to finish. Do you want to continue? (y or n)
Test wildfire wildfire registration: failed
To verify the vardata-receiver debug log, use the following CLI command:
> less mp-log varrcvr.log
This command will not show any debug entries concerning attempts to register. Any packet captures taken will show the Palo Alto Networks firewall never attempts to connect to any WildFire server (no outbound TCP connection over port 443 to wildfire.paloaltonetworks.com).
This occurs because WildFire registration will not take place on a passive HA peer. Failover the HA pair to make the system active and test registration again.