Enhanced Security Measures in Place:   To ensure a safer experience, we’ve implemented additional, temporary security measures for all users.

wildfire-upload-fail

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements

wildfire-upload-fail

L4 Transporter

Looking to find out more about wildfire-upload-fail. Has anyone had any of these and if so were you able to determine the root cause?

1 accepted solution

Accepted Solutions

The root cause ended up being a backend issue with Wildfire as a server was running out of space and caused the fails.

View solution in original post

13 REPLIES 13

L7 Applicator

Hello Lewis,

Could you please check this article : What Does Wildfire-Upload-Fail Mean?

Also, verify the connectivity from your PAN FW:

WildFire CLI commands

The following commands provide the details of the best server selected. To test the Connectivity, follow the steps below:

> test wildfire registration

This test may take a few minutes to finish. Do you want to continue? (y or n)

Test wildfire

        wildfire registration:        successful

        download server list:        successful

        select the best server:      va-s1.wildfire.paloaltonetworks.com

Initial registration can only be done on the active unit in an Active/Passive cluster.

Note: Do not use PING to test connectivity to the server. Ping requests are disabled on the WildFire server. Best practice to test connectivity is to Telnet to the server on port 443.

To verify, if any files have been forwarded to the server, use the following command:

> show wildfire status

Connection info:

        Wildfire cloud:                default cloud

        Status:                        Idle

        Best server:                  va-s1.wildfire.paloaltonetworks.com

        Device registered:            yes

        Service route IP address:      10.30.24.52

        Signature verification:        enable

        Server selection:              enable

        Through a proxy:              no

Forwarding info:

        file size limit (MB):                  2

        file idle time out (second):            90

        total file forwarded:                  0

        forwarding rate (per minute):          0

        concurrent files:                      0

The total file forwarded counter will provide the number of files being forwarded to the server.

Reference DOC: How to Configure WildFire

Thanks

L5 Sessionator

Hi Lewis,

Please find following document :

What Does Wildfire-Upload-Fail Mean?

It says :

"The cause of this message is typically from network issues, such as, incorrect DNS configuration, connection timeouts, etc. View the varrcvr.log to help find the error logs with the specific cause of the message. For example, a search for the string, “pan_fbd_cloud_upload error" may yield results (as in the following error) that provide the cause:

Error: pan_fbd_fwd_msg_process(pan_fbd_fwd.c:1311): pan_fbd_cloud_upload error 26, Failed to open/read local data from file/application"

Hope this helps. Thank you.

L6 Presenter

Hi Lewis,

Provide us output for "less mp-log varrcvr.log", output will be a huge file. Make sure you are logging the session in txt file.

Provide us that txt file, based on error message we should be able to determine root cause.

Regards,

Hardik shah

Is there any impact on production by running this command?

no, it should not impact your production network.

Thanks

Hi Lewis,

Its just a show command in Palo Alto World, you are good to go.

Regards,

Hardik Shah

does this command typically take a while to run? been sitting at 0%

That probably means there are no logs available as of yet. You might have to enable debug for vardata receiver. "debug vardata-receiver on debug" on done you can change it back to "debug vardata-receiver on info".

Let it for a while, and check "less mp-log varrcvr.log"

You should see some logs. You can either user Space-Bar to go down the logs or use "shift + g"  to go at the bottom of the logs. Hope this helps. Thank you.

Hi Lewis,

If firewall is configured for wildfire than varrcver should have some logs. No logs is not good. I think there might be something wrong with the varrcvr process.

Can you please provide me output for "show system resource"

Regards,

Hardik Shah

L5 Sessionator

lewis

If you are still having the following issues try running the following command

debug wildfire reset all


Once you have ran this command try to upload using the fake test file from

How to Test WildFire with a Fake Malicious File

ssharma hshah I was able to get an output of the varrcver file while on a call with support. However  we were unable to resolve the issue on that call. But now it appears the issue no longer exist as wildfire traffic is working as expected. Not sure what the root cause was but I will be monitoring.

jperry1 Are there any performance issues I should be aware of before running this debug command?

lewis

No impact to performance by running this command.

The root cause ended up being a backend issue with Wildfire as a server was running out of space and caused the fails.

  • 1 accepted solution
  • 7041 Views
  • 13 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!