Firewalls with Advanced WildFire License do not display a Dynamic Update configuration
13767
Created On 12/07/23 23:12 PM - Last Modified 12/08/23 00:45 AM
Symptom
Advanced Wildfire License is activated on the firewalls but the Wildfire configuration is not available in Dynamic Updates.
1. Checking under Licenses, we only find an Advanced WildFire License.
2. After clicking in 'Check Now', the WildFire panel under Dynamic Updates is not displayed.
Attempting a check via CLI results in the following error:
| > request wildfire upgrade check Server error : There is not wildfire license on the box |
Environment
- Palo Alto Networks firewalls not previously licensed with a traditional WildFire License.
Cause
There is an issue where firewalls that were not previously licensed with a traditional WildFire license, the Dynamic Update configuration will not be available for the device neither in the PAN-OS WebUI nor in the CLI.
Resolution
The license package for the firewall may have already included a temporary 'traditional' WildFire License to work-around this issue, however, it may not automatically deploy to the firewall, requiring a manual download of the license key and manual deployment of the license key to the device.
Workaround:
1. Note the serial number of your firewall. You can check for it in the WebUI (Dashboard) or run the "show system info" command in the CLI.
2. Log in to https://support.paloaltonetworks.com
3. On the left menu, head over to Products > Assets, and run a search for the device's serial number. Once found, hit the down-pointing option to expand the license view.
4. Click on the down-pointing arrow icon to download the license key. A key file with file name [serial]-wildfire,key will be downloaded. Make sure to download it for "WildFire License" and not "Advanced WildFire License". If a "WildFire License" is not present, open a case with Palo Alto Networks Support.
5. In your firewall, head over to [ Device > Licenses > License Management > click on 'Manually upload license key' ]. Under the 'Install License' pop-up, select Choose File, and submit the previously obtained [serial]-wildfire.key file.
6. Head over to [ Device > Dynamic Updates > click on 'Check Now' ]. The WildFire Dynamic Update configuration will now be displayed.
7. [Optional - Recommended] - Change the Schedule to Real-time.
8. [ High-Availability ] A config-sync with the HA-Peer will not resolve the issue. The traditional WildFire license needs to be deployed to each HA-Peer.