Why the Log Status of the Passive Firewall is displayed as "Not receiving logs" on the Device Security Portal?

443

Created On 09/25/25 00:40 AM - Last Modified 11/12/25 23:57 PM

IoT integration

High Availability

IoT Security

Question

Why the Log Status of the Passive Firewall is displayed "Not receiving logs" on the Device Security Portal?

On the Device Security Portal, Firewalls table on the page for Firewalls < Administration displays as "Not receiving logs" on the Log Status for the Passive firewall.

Environment

All PAN-OS versions
The Passive state for High Availability

Answer

The Log Status of the Passive Firewall is usually shown as "Not receiving logs" except for a period of 30-60 minutes after it reboots.

Additional Information

<Device Security Integration Status with Firewalls>
https://docs.paloaltonetworks.com/iot/administration/monitor-iot-security-health/iot-security-integration-status-with-firewalls

The Passive Firewall doesn't forward logs to SLS even though SLS connections are established.

> request logging-service-forwarding status

Logging Service Licensed: Yes
Logging Service forwarding enabled: Yes
Duplicate logging enabled: No
Enhanced application logging enabled: No

Logging Service License Status:
Status:
Status: success
Expiration date: April 28, 2028
Msg: License is valid
Last Fetched: 2025/09/24 16:23:32

Fetch:
Status: Success
Msg: Successfully fetched license
Last Fetched: 2025/09/19 14:46:42

Install:
Status: Success
Msg: Successfully install fetched license
Last Fetched: 2025/09/19 14:46:42

Upgrade:

Logging Service Certificate information:
Info: Successfully fetched Device Certificate
Status: success
Last fetched: 2025/09/24 16:34:17

Logging Service Customer file information:
(snip)
Last Fetched: 2025/09/24 16:29:48

Logging Service Preference List
Forward to all: Yes
(snip)

-----------------------------------------------------------------------------------------------------------------------------
Type Last Log Created Last Log Fwded Last Seq Num Fwded Last Seq Num Acked Total Logs Fwded
-----------------------------------------------------------------------------------------------------------------------------

Log Collector : RECEPTR04USSTG
Conn ID : lr-34.90.253.226
Connection IP : 34.90.253.226
Conn Source IP : lr - def
High speed mode : Disabled
Connection Status : lr - Active
DNS :
msg : Successfully resolved FQDN for connid (lr-34.90.253.226-def), IP (34.90.253.226)
status : success
timestamp : 2025/09/24 16:29:53

Registration :
msg : Successful registration with lr-34.90.253.226-def
status : success
timestamp : 2025/09/24 16:29:56

SSL :
msg : ssl channel established
status : success
timestamp : 2025/09/24 16:29:55

TCP :
msg : tcp connection established
status : success
timestamp : 2025/09/24 16:29:53

Conn Uptime : 0
Re-conn Count : 0

Rate : 0 logs/sec

traffic Not Available Not Available 0 0 0
threat Not Available Not Available 0 0 0
hipmatch Not Available Not Available 0 0 0
gtp-tunnel Not Available Not Available 0 0 0
auth Not Available Not Available 0 0 0
iptag Not Available Not Available 0 0 0
userid Not Available Not Available 0 0 0
sctp Not Available Not Available 0 0 0
decryption Not Available Not Available 0 0 0
config Not Available Not Available 0 0 0
system Not Available Not Available 0 0 0
globalprotect Not Available Not Available 0 0 0

(snip)

Why the Log Status of the Passive Firewall is displayed as "Not receiving logs" on the Device Security Portal?

Question

Environment

Answer

Additional Information

Other users also viewed: