Connecting FW on PAN-OS 9.0.1 to Cortex Data Lake (logging Services)

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements

Connecting FW on PAN-OS 9.0.1 to Cortex Data Lake (logging Services)

L6 Presenter

I've sucesfully connected FW 8.1.x to Data lake but am having issues connecting one on 9.0.1. Both are managed by the same Panorama (PAN-OS 9.0.1). The difference is that on non-working one I have disabled Panorma Policy and Objects. But logging service setting is under template setting anyway. 

 

License seems to be ok. First error says "No certificate found" but there isn't any certificate configuration required for logging service. The second error says "Logging Service Preference List is malformed". No idea how to check/fix that.

 

Any Ideas? 

 

The status it shows is:

 

 

@PA-3060> request logging-service-forwarding status

Logging Service Licensed: Yes
Logging Service forwarding enabled: Yes
Duplicate logging enabled: No
Enhanced application logging enabled: Yes

Logging Service License Status:
Status:
        Status: success
        Expiration date: June 22, 2019
        Msg: License is valid
        Last Fetched: 2019/05/16 10:44:43

Fetch:

Install:

Upgrade:



Logging Service Certificate information: 
         No certificate found


Logging Service Customer file information: 
        Info: Failed to fetch ingest/query FQDN for customer (curl failed)
        Status: failure
        Last Fetched: 2019/05/20 10:01:07


Logging Service Preference List is malformed

 

1 accepted solution

Accepted Solutions

Only resetting the certificates didn't help in my case.

 

But this worked:

 

1. You should delete all the license keys for this Firewall and then fetch them back.
at the CLI:
delete license key ? delete each one
Fetch them back on the GUI

2. From the Panorama ...Panorama>Device Deployment>License.
Click refresh for this firewall

3. Delete the certificate
request logging-service-forwarding certificate delete
request logging-service-forwarding certificate fetch

4. Re-fetch customer info
request logging-service-forwarding certificate info

View solution in original post

3 REPLIES 3

L0 Member

You can manually request the certificate.

 

This will show you the status of the cert

request logging-service-forwarding certificate info

 

This will fetch the cert

request logging-service-forwarding certificate fetch

 

Run the first command again in a few seconds to see that it was successful. The "status" link in the GUI should show successful connection. 

 

I had to run this on all of my firewalls to get them working. The "Device Connected" dot stayed grey but data was flowing.

 

Only resetting the certificates didn't help in my case.

 

But this worked:

 

1. You should delete all the license keys for this Firewall and then fetch them back.
at the CLI:
delete license key ? delete each one
Fetch them back on the GUI

2. From the Panorama ...Panorama>Device Deployment>License.
Click refresh for this firewall

3. Delete the certificate
request logging-service-forwarding certificate delete
request logging-service-forwarding certificate fetch

4. Re-fetch customer info
request logging-service-forwarding certificate info

i ran into an apparent known issue where the initial registration MUST use the mgmt interface . on my home firewall i was using the dataplane for all services and would not register 

  • 1 accepted solution
  • 31286 Views
  • 3 replies
  • 1 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!