No wildfire submissions (FWD_ERR_CONN_FAIL_PUB errors)

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements
Please sign in to see details of an important advisory in our Customer Advisories area.

No wildfire submissions (FWD_ERR_CONN_FAIL_PUB errors)

L2 Linker

 

Hi there,

 

Wildfire is not submiting files. I have the simplest configuration possible, and I'm using the test file (https://wildfire.paloaltonetworks.com/publicapi/test/pe). However, nothing is getting to the portal, or logs for that matter.

I'm running VM-100 on a ESXi server, 8G RAM, 4 vCores, PAN OS 8.2.

The only thing I have noticed is on the CLI I can see two errors going up: 

  • FWD_ERR_CONN_FAIL_PUB 18
  • FWD_ERR_GET_REPORT_FAIL_PUB 4

Any ideas on how I can fix this?

 

Here is what I get from the CLI:

 

admin@PA-VM> show wildfire statistics

Packet based counters:

DP Files upload initiated: 0

DP Files upload succeeded: 0

Counters for file cancellation:

Counters for file forwarding:

file type: apk

file type: pdf

file type: email-link

file type: ms-office

file type: pe

file type: flash

file type: jar

file type: MacOSX

file type: unknown

file type: pdns

Error counters:
FWD_ERR_CONN_FAIL_PUB 18
FWD_ERR_GET_REPORT_FAIL_PUB 4

Reset counters:
DP receiver reset cnt: 3
File cache reset cnt: 1
Public Cloud:
Service connection reset cnt: 1
Log cache reset cnt: 1
Report cache reset cnt: 1
Private Cloud:

Resource meters:
data_buf_meter 0%
msg_buf_meter 0%
ctrl_msg_buf_meter 0%
wr_debug_log_buf_meter 0%

File forwarding queues:
priority: 1, size: 0 (PUB), 0 (PRIV)
priority: 2, size: 0 (PUB), 0 (PRIV)

priority: 3, size: 0 (PUB), 0 (PRIV)
priority: 4, size: 0 (PUB), 0 (PRIV)


admin@PA-VM> show wildfire status

Connection info:
Signature verification: enable
Server selection: enable
File cache: enable

WildFire Public Cloud:
Server address: wildfire.paloaltonetworks.com
Status: Idle
Best server: panos.wildfire.paloaltonetworks.com
Device registered: yes
Through a proxy: no
Valid wildfire license: yes
Service route IP address: 192.168.10.4
Best server update interval: 504 minutes.

WildFire Private Cloud:
Server address:
Status: Disabled due to configuration
Best server:
Device registered: no
Through a proxy: no
Valid wildfire license: yes
Service route IP address:

File size limit info:
pe 5 MB
apk 10 MB
pdf 200 KB
ms-office 500 KB
jar 1 MB
flash 5 MB
MacOSX 1 MB

Forwarding info:
file idle time out (second): 90
total concurrent files: 0
Public Cloud:
total file fwded : 0
total file failed: 0
total file skipped: 0
total cloud queries: 0
total cloud queries failed: 0
file forwarded in last minute: 0
concurrent files: 0
Private Cloud:
total file fwded : 0
total file failed: 0
total file skipped: 0
total cloud queries: 0
total cloud queries failed: 0
file forwarded in last minute: 0
concurrent files: 0


admin@PA-VM>

7 REPLIES 7

L6 Presenter

pa.JPG

 

How do you try to access the Wildfire server? Using the mgmt interface or any other. Do you allow paloalto-wildfire-cloud app somewhere in your policies?

Where did you find that reference? I couldn't find anything!

 

Anyhow, I original had it via management interface, then I changed it and used the the other interface via device -> setup -> Service Route Coniguration. But same result... changed it back to Management (default).

After your sugestion, I added a universal policy at the top to permit any any application paloalto-wildfire-cloud, but still no luck. Still getting errors.

 

admin@PA-VM> show wildfire statistics

Packet based counters:

DP Files upload initiated: 0

DP Files upload succeeded: 0

Counters for file cancellation:

Counters for file forwarding:

file type: apk

file type: pdf

file type: email-link

file type: ms-office

file type: pe

file type: flash

file type: jar

file type: MacOSX

file type: unknown

file type: pdns

Error counters:
FWD_ERR_CONN_FAIL_PUB 44
FWD_ERR_GET_REPORT_FAIL_PUB 4

Reset counters:
DP receiver reset cnt: 3
File cache reset cnt: 1
Public Cloud:
Service connection reset cnt: 1
Log cache reset cnt: 1
Report cache reset cnt: 1
Private Cloud:

Resource meters:
data_buf_meter 0%
msg_buf_meter 0%
ctrl_msg_buf_meter 0%
wr_debug_log_buf_meter 0%

File forwarding queues:
priority: 1, size: 0 (PUB), 0 (PRIV)
priority: 2, size: 0 (PUB), 0 (PRIV)
priority: 3, size: 0 (PUB), 0 (PRIV)
priority: 4, size: 0 (PUB), 0 (PRIV)

 

I actually see the traffic to wildfire\, and it is allowed.

wildFireTraffic.JPG

Also, I'm getting the updates:

wildFireUpdate.JPG

No, I have a few files from weeks ago. The last one I have, I did manually just for testing:

wildFireUpdate.JPG

 I thought it might have stopped working when I upgraded to 8.0. However, after checking the logs, that is not the case:

PA Upgrade.JPG

So I got uploads to wildfire after 24/04 so it must be related to something else I've might have changed in the FW.

Hello I have the same problem and the only thing I've seen that solves it is a FW reset. My version is 8.0.4.

I even got support involved for this issue, but at the end, like you... reboot the box, it started working.
  • 4590 Views
  • 7 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!