Testing WildFire Registration Fails Immediately on Passive HA Peer

Testing WildFire Registration Fails Immediately on Passive HA Peer

18485
Created On 09/25/18 19:52 PM - Last Modified 04/05/24 03:36 AM


Symptom


  • On the passive HA peer, testing WildFire registration with the test wildfire registration fails.
> test wildfire registration
This test may take a few minutes to finish. Do you want to continue? (y or n)

Test wildfire
wildfire registration:         failed

  • vardata-receiver debug log, will not show any debug entries concerning attempts to register.

> less mp-log varrcvr.log

  • Packet captures taken will show the Palo Alto Networks firewall never attempts to connect to any WildFire server (no outbound TCP connection over port 443 to wildfire.paloaltonetworks.com).

 

Environment


  • Palo Alto Firewalls
  • Active Passive High Availability (HA) Setup
  • Supported PAN-OS
  • Wildfire

Cause


WildFire registration is not supported on a passive HA peer.
 

Resolution


Failover the HA pair to make the system active and test registration again.
Other users also viewed:
Actions
  • Print
  • Copy Link

    https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClgLCAS&refURL=http%3A%2F%2Fknowledgebase.paloaltonetworks.com%2FKCSArticleDetail

Choose Language