09-14-2015 01:18 AM
Hi All,
Have an issue with WF wherein it has completely stopped working on PANOS 7.0.2.
I have a ticket with 3rd party support and PA for this, just wondering if anyone has experience or knows the fix.
Mgmt interface is service route for wf public cloud - i am registered:
//
nickeo@chal-telehouse> show wildfire status
Connection info:
Signature verification: enable
Server selection: enable
File cache: enable
WildFire Public Cloud:
Server address: wildfire.paloaltonetworks.com
Status: Idle
Best server: ap-northeast-1.wildfire.paloaltonetworks.com
Device registered: yes
Through a proxy: no
Valid wildfire license: yes
Service route IP address: 10.6.15.241
//
The issue appears to be data plan related:
nickeo@chal-telehouse> debug wildfire dp-status
DP status:
DP: not connected
It appears content is not forward from data plane to mgmt interface to be uploaded to wf public cloud.
Can do test registration fine.
Any ideas would be greatly appreciated.
Cheers,
Nick
09-14-2015 06:59 PM
For anyone else that comes across this:
//
Please see Palo Alto's update as below:
After having a closer look there is a buffer leak on the dataplane
Software Pools
[ 0] software packet buffer 0 ( 512): 8938/32768 0x8000000039fe8680
[17] FPTCP segs ( 16): 1/32768 0x80000000b17e4be0
According to another similar case the FPTCP would cause the connection between DP and MP to drop
//
Workaround was to reboot the appliance - still finding out root cause:
nickeo@chal-telehouse> debug wildfire dp-status
DP status:
DP: 127.131.2.1:25792
09-22-2015 01:15 AM
Summary:
Wildfire stopped inspecting and uploading files. This is problem is caused by a bug which is a buffer leak on the PA firewall dataplane.
From the >debug dataplane pool statistics, it is found that the available FPTCP segs and software packet buffer are exhausted.
Wildfire got disconnected from DP. This is observed by:
> debug wildfire dp-status
Restarting the device resolved this issue.
The fix of this bug is still under development by the Palo Alto engineering team.
The bug ID is 81868 – WildFire submission logs not updating.
09-14-2015 01:23 AM
Hi Nick
you could try resetting the dp connection through:
> debug wildfire reset dp-receiver
09-14-2015 01:33 AM
Hi There,
Ok tried that, no cigar.
//
nickeo@chal-telehouse> debug wildfire reset dp-receiver
nickeo@chal-telehouse>
nickeo@chal-telehouse>
nickeo@chal-telehouse>
nickeo@chal-telehouse> debug wildfire dp-status
DP status:
DP: not connected
//
(i waited a few mins between reset and status).
Is there a log i can pull for dp-receiver to shed light on why its not connecting?
09-14-2015 06:59 PM
For anyone else that comes across this:
//
Please see Palo Alto's update as below:
After having a closer look there is a buffer leak on the dataplane
Software Pools
[ 0] software packet buffer 0 ( 512): 8938/32768 0x8000000039fe8680
[17] FPTCP segs ( 16): 1/32768 0x80000000b17e4be0
According to another similar case the FPTCP would cause the connection between DP and MP to drop
//
Workaround was to reboot the appliance - still finding out root cause:
nickeo@chal-telehouse> debug wildfire dp-status
DP status:
DP: 127.131.2.1:25792
09-22-2015 01:15 AM
Summary:
Wildfire stopped inspecting and uploading files. This is problem is caused by a bug which is a buffer leak on the PA firewall dataplane.
From the >debug dataplane pool statistics, it is found that the available FPTCP segs and software packet buffer are exhausted.
Wildfire got disconnected from DP. This is observed by:
> debug wildfire dp-status
Restarting the device resolved this issue.
The fix of this bug is still under development by the Palo Alto engineering team.
The bug ID is 81868 – WildFire submission logs not updating.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
