This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences

Wildfire stopped working on PANOS 7.0.2

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements

Wildfire stopped working on PANOS 7.0.2

Go to solution
nikonau
L1 Bithead

‎09-14-2015 01:18 AM

Hi All,

 

Have an issue with WF wherein it has completely stopped working on PANOS 7.0.2.

I have a ticket with 3rd party support and PA for this, just wondering if anyone has experience or knows the fix.

 

Mgmt interface is service route for wf public cloud - i am registered:

//

nickeo@chal-telehouse> show wildfire status

Connection info:
Signature verification: enable
Server selection: enable
File cache: enable

WildFire Public Cloud:
Server address: wildfire.paloaltonetworks.com
Status: Idle
Best server: ap-northeast-1.wildfire.paloaltonetworks.com
Device registered: yes
Through a proxy: no
Valid wildfire license: yes
Service route IP address: 10.6.15.241

//

 

The issue appears to be data plan related:

nickeo@chal-telehouse> debug wildfire dp-status

DP status:
DP: not connected

 

It appears content is not forward from data plane to mgmt interface to be uploaded to wf public cloud.

Can do test registration fine.

 

Any ideas would be greatly appreciated.

 

Cheers,

Nick

2 people had this problem.
0 Likes Likes
2 accepted solutions

Accepted Solutions

Go to solution
nikonau
L1 Bithead
In response to nikonau

‎09-14-2015 06:59 PM

For anyone else that comes across this:

 

//
Please see Palo Alto's update as  below:

After having a closer look there is a buffer leak on the dataplane

Software Pools
[ 0] software packet buffer 0 ( 512): 8938/32768 0x8000000039fe8680
[17] FPTCP segs ( 16): 1/32768 0x80000000b17e4be0

 

According to another similar case the FPTCP would cause the connection between DP and MP to drop

//

 

Workaround was to reboot the appliance - still finding out root cause:


nickeo@chal-telehouse> debug wildfire dp-status

DP status:
DP: 127.131.2.1:25792

View solution in original post

0 Likes Likes

Go to solution
nikonau
L1 Bithead
In response to nikonau

‎09-22-2015 01:15 AM

Summary:

Wildfire stopped inspecting and uploading files. This is problem is caused by a bug which is a buffer leak on the PA firewall dataplane.

From the >debug dataplane pool statistics, it is found that the available FPTCP segs and software packet buffer are exhausted.

Wildfire got disconnected from DP. This is observed by:
> debug wildfire dp-status

Restarting the device resolved this issue. 

The fix of this bug is still under development by the Palo Alto engineering team.

The bug ID is 81868 – WildFire submission logs not updating.

View solution in original post

4 REPLIES 4

Go to solution
reaper
Cyber Elite
Cyber Elite

‎09-14-2015 01:23 AM

Hi Nick

 

you could try resetting the dp connection through:

 

> debug wildfire reset dp-receiver
Tom Piens
PANgurus - Strata specialist; config reviews, policy optimization
0 Likes Likes

Go to solution
nikonau
L1 Bithead
In response to reaper

‎09-14-2015 01:33 AM

Hi There,

 

Ok tried that, no cigar.

 

//

 

nickeo@chal-telehouse> debug wildfire reset dp-receiver

nickeo@chal-telehouse>
nickeo@chal-telehouse>
nickeo@chal-telehouse>
nickeo@chal-telehouse> debug wildfire dp-status

DP status:
DP: not connected

//

(i waited a few mins between reset and status).

 

Is there a log i can pull for dp-receiver to shed light on why its not connecting?

0 Likes Likes

Go to solution
nikonau
L1 Bithead
In response to nikonau

‎09-14-2015 06:59 PM

For anyone else that comes across this:

 

//
Please see Palo Alto's update as  below:

After having a closer look there is a buffer leak on the dataplane

Software Pools
[ 0] software packet buffer 0 ( 512): 8938/32768 0x8000000039fe8680
[17] FPTCP segs ( 16): 1/32768 0x80000000b17e4be0

 

According to another similar case the FPTCP would cause the connection between DP and MP to drop

//

 

Workaround was to reboot the appliance - still finding out root cause:


nickeo@chal-telehouse> debug wildfire dp-status

DP status:
DP: 127.131.2.1:25792

0 Likes Likes

Go to solution
nikonau
L1 Bithead
In response to nikonau

‎09-22-2015 01:15 AM

Summary:

Wildfire stopped inspecting and uploading files. This is problem is caused by a bug which is a buffer leak on the PA firewall dataplane.

From the >debug dataplane pool statistics, it is found that the available FPTCP segs and software packet buffer are exhausted.

Wildfire got disconnected from DP. This is observed by:
> debug wildfire dp-status

Restarting the device resolved this issue. 

The fix of this bug is still under development by the Palo Alto engineering team.

The bug ID is 81868 – WildFire submission logs not updating.

  • 2 accepted solutions
  • 5045 Views
  • 4 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!

LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2024 - Palo Alto Networks