Error "Failed to list cngfw tenants" on Panorama when integrated with Cloud NGFW

Error "Failed to list cngfw tenants" on Panorama when integrated with Cloud NGFW

5022
Created On 06/13/23 14:56 PM - Last Modified 03/13/24 20:51 PM


Symptom


  • Panorama fails to list the tenants as shown in the output below.
admin@panorama(active)> show plugins aws cngfw-tenants
Failed to list cngfw tenants

  • During Commit warning message is displayed

    Warnings
CloudConnector has encountered a failure [unsetopt() is not supported for this option]. All cloud functionalities will be disabled during commit.


Environment


  • Cloud NGFW for AWS
  • Panorama 10.2 or later
  • Cloud Connector plugin 2.0.1 or later
  • AWS plugin 5.0.0 or later

Cause


Region URL is not configured  so cloudngfw request returns with empty response (cloudconnector.log) 
admin@panorama(active)> show plugins-log plugin_cloudconnector.log
INFO: [/installed/cloudconnector/scripts/op/show-cloudngfw-tenants.py] Calling show_tenants.
INFO: [/installed/cloudconnector/scripts/op/show-cloudngfw-tenants.py] show_tenants invoked!
INFO: [/installed/cloudconnector/scripts/libs/utils.py] Region URL SDB is not set.
INFO: [/installed/cloudconnector/scripts/libs/utils.py] Plugin test enable SDB cfg.plugin.cloudconnector.test not set. Default state is not in test mode.
INFO: [/installed/cloudconnector/scripts/libs/utils.py] get_cloudmgr_region succeed with empty resp

Resolution


 
1. On NGFW portal, check what is the CDL region configured under GUI: Settings > Integrations.
ngfw portal.png
   
2. On Panorama, enable telemetry and set the region:
  • Go to GUI: Panorama > Setup > Telemetry
  • Set the region matching the CDL region.
  • Commit the configuration.
telemetry1.png
 
Other users also viewed:
Actions
  • Print
  • Copy Link

    https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA14u000000bq2TCAQ&lang=en_US&refURL=http%3A%2F%2Fknowledgebase.paloaltonetworks.com%2FKCSArticleDetail