Firewall is not able to register to WF-500 due to incompatible PAN-OS version

Firewall is not able to register to WF-500 due to incompatible PAN-OS version

14000
Created On 09/26/18 13:48 PM - Last Modified 04/20/20 23:58 PM


Symptom


Symptoms

Firewall is not able to register to WF-500. Checking the status shows "Disabled by cloud server":

 

admin@PA-VM> show wildfire status channel private

Connection info:
 Signature verification: enable
 Server selection: enable
 File cache: enable

WildFire Private Cloud:
 Server address: 1.2.3.4
 Status: Disabled by cloud server
 Best server:
 Device registered: no
 Through a proxy: no
 Valid wildfire license: yes
 Service route IP address: 1.2.3.3

 

Testing WF-500 registration immediately fails:

 

admin@PA-VM> test wildfire registration channel private
This test may take a few minutes to finish. Do you want to continue? (y or n)

Test wildfire Private Cloud

        WildFire is disabled

 

The following message is logged in varrcvr.log:

 

admin@PA-VM> less mp-log varrcvr.log
(...)
2016-10-25 16:50:42.260 +0200 Cloud determines that wildfire is not supported on this device

 

Diagnosis

WF-500 checks the PAN-OS version of the connecting firewalls, and rejects the connection if a firewall is running higher minor feature release than itself. For example, WF-500 running PAN-OS 7.0 will reject connections from firewalls running PAN-OS 7.1.

Resolution


Upgrade WF-500 to the same minor feature release as the firewall, or higer. After upgrade is completed, reset the WF-500 connection on the firewall:

 

admin@PA-VM> debug wildfire reset forwarding channel private

WildFire connection reset for Private Cloud is triggered 

 
Other users also viewed:
Actions
  • Print
  • Copy Link

    https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000Clp9CAC&refURL=http%3A%2F%2Fknowledgebase.paloaltonetworks.com%2FKCSArticleDetail

Choose Language