https://live.paloaltonetworks.com/t5/prisma-access-articles/firewall-unable-to-register-to-cortex-data-lake/ta-p/282908 <DIV class="lia-message-template-symptoms-zone"> <H2>Symptoms</H2> <P>A firewall is unable to register to Cortex Data Lake (CDL) for log forwarding. You might see red lights under the logging status or the firewall fails to connect to the CDL.</P> <P>&nbsp;</P> </DIV> <DIV class="lia-message-template-diagnosis-zone"> <H2>Diagnosis</H2> <OL> <LI>Make sure FQDN refresh is enabled on the firewall</LI> <LI>Able to resolve CDL FQDN</LI> <LI>Traffic from the firewall to CDL is not being decrypted</LI> <LI>The URLs and ports below are whitelisted for Prisma Access communication. <BR /><STRONG>NOTE:</STRONG> <EM>More information can be found at&nbsp;<A title="Set Up Prisma Access | TechDocs | Palo Alto Networks" href="https://docs.paloaltonetworks.com/prisma/prisma-access/prisma-access-panorama-admin/prepare-the-prisma-access-infrastructure/get-started-with-prisma-access-overview" target="_self">Set Up Prisma Access</A>.</EM> <UL> <LI class="li"> <DIV class="p">Port 444 (for Cortex Data Lake)</DIV> </LI> <LI class="li"> <DIV class="p">api.lc.prod.us.cs.paloaltonetworks.com (for Cortex Data Lake)</DIV> </LI> <LI class="li"> <DIV class="p">api.gpcloudservice.com (for Prisma Access)</DIV> </LI> <LI class="li"> <DIV class="p">api.paloaltonetworks.com (for Prisma Access)</DIV> </LI> <LI class="li"> <DIV class="p">apitrusted.paloaltonetworks.com (for Prisma Access)</DIV> </LI> </UL> </LI> </OL> <P>&nbsp;</P> </DIV> <DIV class="lia-message-template-solution-zone"> <H2>Solution</H2> <P>Try following these steps on the firewall's CLI.&nbsp;</P> <P>&nbsp;</P> <UL> <LI>Troubleshooting <OL> <LI><FONT face="courier new,courier">delete license key &lt;logging_service_key&gt;</FONT></LI> <LI><FONT face="courier new,courier">request logging-service-forwarding certificate delete</FONT></LI> <LI><FONT face="courier new,courier">request logging-service-forwarding certificate fetch</FONT></LI> </OL> </LI> </UL> <P>&nbsp;</P> <UL> <LI>Verification <OL> <LI><FONT face="courier new,courier">show logging-status</FONT></LI> <LI><FONT face="courier new,courier">debug log-receiver rawlog_fwd_trial stats global show</FONT></LI> <LI><FONT face="courier new,courier">request logging-service-forwarding status</FONT></LI> <LI><FONT face="courier new,courier">request license info</FONT></LI> <LI><FONT face="courier new,courier">show system state | match lcaas</FONT></LI> <LI><FONT face="courier new,courier">show system state | match cust</FONT></LI> <LI><FONT face="courier new,courier">request logging-service-forwarding customerinfo show</FONT></LI> <LI><FONT face="courier new,courier">request logging-service-forwarding certificate info</FONT></LI> <LI><FONT face="courier new,courier">show netstat numeric-hosts yes numeric-ports yes | match 3978</FONT></LI> </OL> </LI> </UL> <P>&nbsp;</P> <P>If it does not help, please <A title="Prisma Access Discussions | LIVEcommunity | Palo Alto Networks" href="https://live.paloaltonetworks.com/t5/Prisma-Access-Discussions/bd-p/Prisma_Access_Discussions" target="_self">Start a Topic in the Prisma Access Discussions</A> area for community help. You may also&nbsp;open a <A title="Customer Support | Palo Alto Networks " href="https://support.paloaltonetworks.com" target="_self">TAC Case</A> for further assistance, and be sure to reference the error and the steps provided. You can reference this document if needed.</P> </DIV> Thu, 15 Aug 2019 21:54:18 GMT Sai_Tumuluri 2019-08-15T21:54:18Z https://live.paloaltonetworks.com/t5/prisma-access-articles/firewall-unable-to-register-to-cortex-data-lake/ta-p/282908 <P>Is firewall unable to connected Cortex Data Lake (CDL)?</P> Thu, 15 Aug 2019 21:54:18 GMT https://live.paloaltonetworks.com/t5/prisma-access-articles/firewall-unable-to-register-to-cortex-data-lake/ta-p/282908 Sai_Tumuluri 2019-08-15T21:54:18Z