Wildfire submission stopped working after PAN OS upgraded to v11.0.0.

Wildfire submission stopped working after PAN OS upgraded to v11.0.0.

556
Created On 02/27/23 10:42 AM - Last Modified 11/07/25 20:55 PM


Symptom


  • Wildfire submission stopped working after upgraded to PAN OS v11.0.0.
  • Wildfire submission worked fine before upgrade(PAN OS v10.2.3).
  • show wildfire status indicated that Next Generation Firewall connect to Wildfire Public Cloud correctly. 
> show wildfire status
Connection info: 
  Signature verification:        enable
  Server selection:              enable
  File cache:                    enable

WildFire Public Cloud:
  Server address:                wildfire.paloaltonetworks.com
  Best server:                   panos.wildfire.paloaltonetworks.com
  Device registered:             yes
  Through a proxy:               no
  Valid wildfire license:        yes
  Service route IP address:      10.13.10.2
  Global status:                 Idle
  Count of available workers:    20
  Available worker indices:      0 1 2 3 4 5 8 9 7 14 13 15 17 11 12 6 18 16 19 10
  Upload status Usage: 'I': Idle, 'U': Uploading, 'Q': Querying
    Upload worker index:           0    1    2    3    4    5    6    7    8    9   
    Upload status:                 I    I    I    I    I    I    I    I    I    I   
    Status time (seconds):         397  397  397  397  397  397  390  390  390  390 
    Upload worker index:           10   11   12   13   14   15   16   17   18   19  
    Upload status:                 I    I    I    I    I    I    I    I    I    I   
    Status time (seconds):         9    390  390  390  390  390  390  390  390  347
  • wildfire-upload.log indicated that Wildfire submission was working but stopped around 7 hours later.
Wildfire submission started at 2023-02-06 21:53:17 --> Customer executed "request wildfire registration" command
Wildfire submission stopped at 2023-02-07 04:03:00 
wildfire-upload.log

Data and Time	filename	file type	action	channel	session_id	transaction_id	file_len	flag	traffic_action
2023-02-06 21:53:17 +0900: 	ohl-mid.pdf	pdf	skipped - remote benign dup	PUB	3787360	2597853	564496	0x81c	allow
2023-02-06 21:54:43 +0900: 	0394.pdf	pdf	upload success	PUB	887566	2597865	370606	0x801c	allow
2023-02-06 21:54:51 +0900: 	TH614510782734_C.pdf	pdf	skipped - cached dup but remote not found	PUB	2690311	2597868	1704	0x8040	allow
2023-02-06 21:54:51 +0900: 	TH614510782734_C.pdf	pdf	upload success	PUB	3733798	2597866	144400	0x801c	allow
2023-02-06 21:54:56 +0900: 	ArticleDetail.js	script	upload failed	PUB	99293	2597870	399	0x801c	allow
---snip----
2023-02-07 04:03:00 +0900: 	https://us06web.zoom.us/webinar/register/WN_gga6i_8DSWKUNvoMTKv	email-link	upload success	PUB	4017833	2603141	66	0x10001c	allow


Environment


Pan OS v11.0.0

Cause


PAN-211082 handled this issue. 
A new callback function for device certificate was added to varrcvr fwd in PAN-185466. This callback function only checks for for thermite certificate and not the legacy certificate, causing the varrcvr to be disabled after 12-14 hours if thermite certificate is not installed.

Resolution


PAN-211082 Fix is applied to Pan OS v11.0.1.
Workaround is to restart "varrcvr" service or wildfire registration again.

> debug software restart process vardata-receiver 
or
> request wildfire registration
Other users also viewed:
Actions
  • Print
  • Copy Link

    https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA14u000000kH6xCAE&lang=en_US&refURL=http%3A%2F%2Fknowledgebase.paloaltonetworks.com%2FKCSArticleDetail