In WF-500 version 7.1.x or earlier deployments, the Palo Alto Networks device will first establish TCP port 443 connection to WF-500. The WildFire will provide "<WF500-IP>:10443" as a server list and then Palo Alto Networks firewall will connect to the WildFire on TCP port 10443. TCP port 10443 is used to forward files and fetch report. When the WildFire appliance is configured with the host name, it then sends <WF_Hostname:10443> to the firewall. If the firewall’s DNS cannot resolve this hostname, registration will fail and no files are forwarded to the WF-500 appliance.
Starting from PAN-OS 8.0 TCP 443 will be used for all connections (10443 will no longer be commmunicated as a 'go-to'). Firewalls will still use 10443 to fetch signatures.
Resolution
Configure host name, such that it is resolved with firewall’s DNS
Delete the host name by using the following CLI command: admin@WF-500# delete deviceconfig system hostname admin@WF-500# commit