- Access exclusive content
- Connect with peers
- Share your expertise
- Find support resources
09-29-2020 01:39 PM - last edited on 04-18-2024 12:00 PM by emgarcia
Hello,
just finished to setup Cortex Data Lake on my PA-220 (without Panorama, using the Hub).
After enabling Telemetry (as asked by 10.0.1) and setting up the Telemetry Region as my Cortex Data Lake region (Europe) the status for Device, Product and Threat is always "Failed" with message "CDL Receiver Destination URL Empty".
On "device_telemetry_send.log" I can see:
2020-09-29 22:00:06,807 dt_send ERROR dst server: set endpoint: region not found on region list.
2020-09-29 22:00:06,810 dt_send ERROR fqdn lookup: endpoint url is empty
Where can I set the endpoint?
Thanks!
09-29-2020 02:53 PM
More info...
Doing a
show system state filter-pretty cfg.device-telem
I obtain:
cfg.device-telem: {
collect-now: {
last-attempt: Tue Sep 29 22:03:16 CEST 2020,
last-filename: PA_012801171939_dt_10.0.1_20200929_2004_NOW.tgz,
last-request-id: 1601409794,
last-success: Tue Sep 29 22:03:16 CEST 2020,
latest-request-id: 1601409794,
num-of-failed-attempts: 0,
reason: N/A,
status: N/A,
},
collect-now-canceled: 0x0,
collect-now-progress: 0,
collect-now-trigger: 0,
collect-now-ts: 26690168,
config-reload: 0x0,
dest-server: {
cacert: /tmp/capath/not-used,
capath: /tmp/capath,
client-cert: /opt/pancfg/mgmt/ssl/private/012801171939.crt,
client-cert-path: /opt/pancfg/mgmt/ssl/private,
client-cert-type: CRT,
dest-server-ip: 0.0.0.0,
endpoint: ,
private-key: /opt/pancfg/mgmt/ssl/private/012801171939.key,
region: europe,
use-endpoint: True,
use-lcaas-cert: False,
},
dest-server-ip: 0.0.0.0,
enabled: True,
intvl-resend-failed-count: 2,
logging-services: {
enabled: no,
endpoint: ,
region: americas,
},
minute-count: 0x89c3,
region-list: {
Americas: {
endpoint: br-prd1.us.cdl.paloaltonetworks.com,
region: Americas,
},
Europe: {
endpoint: br-prd1.nl.cdl.paloaltonetworks.com,
region: Europe,
},
UK: {
endpoint: br-prd1.uk.cdl.paloaltonetworks.com,
region: UK,
},
},
schedule: {
20-min-interval: {
day_intvl: None,
hour_intvl: None,
minute_intvl: 0, 20, 40,
name: 20-min-interval-schedule,
type: minute,
},
4-hr-interval: {
day_intvl: None,
hour_intvl: 0, 4, 8, 12, 16, 20,
minute_intvl: 7,
name: 4-hr-interval-schedule,
type: hour,
},
7-day-interval: {
day_intvl: 0,
hour_intvl: 1,
minute_intvl: 7,
name: 7-day-interval-schedule,
type: day,
},
},
schedule-list: {
day: {
7-day-interval: 7-day-interval,
},
hour: {
4-hr-interval: 4-hr-interval,
},
minute: {
20-min-interval: 20-min-interval,
},
},
send-failed-count: 73,
send-settings: {
failed_retry_interval: 10,
fqdn-interval: 10,
interval: 60,
max_failed_retries: 3,
multi-send-per-hour: 0,
},
settings: {
device-health-performance: yes,
product-usage: yes,
region: europe,
status: Device Certificate is valid,
threat-prevention: yes,
},
stats: {
device-health-performance: {
last-attempt: Tue Sep 29 23:47:04 CEST 2020,
last-success: N/A,
num-of-failed-attempts: 74,
reason: CDL Receiver Destination URL Empty,
status: failed,
},
product-usage: {
last-attempt: Tue Sep 29 23:47:04 CEST 2020,
last-success: N/A,
num-of-failed-attempts: 74,
reason: CDL Receiver Destination URL Empty,
status: failed,
},
threat-prevention: {
last-attempt: Tue Sep 29 23:47:04 CEST 2020,
last-success: N/A,
num-of-failed-attempts: 74,
reason: CDL Receiver Destination URL Empty,
status: failed,
},
},
system-info: {
minute-count: 0x43,
timestamp: 2020/09/05 01:37:01,
},
username-required: {
day: 0,
hour: 0,
man: 0,
minute: 0,
now: 0,
},
}
10-06-2020 11:11 AM
I have the same issue.
11-30-2020 10:45 AM
FYI...I got mine working. Part of the issue is that there is a bug where the region being pushed from Panorama is set to "americas" instead of "Americas". I had to change it via CLI after doing a local override. You can check by:
show device-telemetry settings
If it shows "americas" then you have the issue and need to manually set it to Americas:
set deviceconfig system device-telemetry region Americas
You will have to do a local override first since Panorama is managing that setting prior. Hope this helps.
04-08-2021 08:38 AM - edited 04-08-2021 11:47 AM
My issue was related to the type of support license that was assigned to my firewall. I had to have that fixed by the licensing folks. The error message was 100% unrelated to my real issue. Seems like only one error message exists that gets displayed regardless of what the true underlying issue is.
03-24-2023 06:10 AM
Hi,
I had this problem before and it has to do with Device Certificate. If you notice, on the WebUI, it shows valid and that was the case for me. However, if you go to cli and run:
admin@PA-460> show device-certificate status
It might show otherwise or that it wasn't fetched.
I just had to run:
admin@PA-460> request certificate fetch
and it helped.
08-15-2023 12:03 AM
You saved my day! Thank you!
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!