11-06-2014 04:03 AM
Looking to find out more about wildfire-upload-fail. Has anyone had any of these and if so were you able to determine the root cause?
11-12-2014 09:37 AM
The root cause ended up being a backend issue with Wildfire as a server was running out of space and caused the fails.
11-06-2014 05:11 AM
Hello Lewis,
Could you please check this article : What Does Wildfire-Upload-Fail Mean?
Also, verify the connectivity from your PAN FW:
WildFire CLI commands
The following commands provide the details of the best server selected. To test the Connectivity, follow the steps below:
> test wildfire registration
This test may take a few minutes to finish. Do you want to continue? (y or n)
Test wildfire
wildfire registration: successful
download server list: successful
select the best server: va-s1.wildfire.paloaltonetworks.com
Initial registration can only be done on the active unit in an Active/Passive cluster.
Note: Do not use PING to test connectivity to the server. Ping requests are disabled on the WildFire server. Best practice to test connectivity is to Telnet to the server on port 443.
To verify, if any files have been forwarded to the server, use the following command:
> show wildfire status
Connection info:
Wildfire cloud: default cloud
Status: Idle
Best server: va-s1.wildfire.paloaltonetworks.com
Device registered: yes
Service route IP address: 10.30.24.52
Signature verification: enable
Server selection: enable
Through a proxy: no
Forwarding info:
file size limit (MB): 2
file idle time out (second): 90
total file forwarded: 0
forwarding rate (per minute): 0
concurrent files: 0
The total file forwarded counter will provide the number of files being forwarded to the server.
Reference DOC: How to Configure WildFire
Thanks
11-06-2014 05:13 AM
Hi Lewis,
Please find following document :
What Does Wildfire-Upload-Fail Mean?
It says :
"The cause of this message is typically from network issues, such as, incorrect DNS configuration, connection timeouts, etc. View the varrcvr.log to help find the error logs with the specific cause of the message. For example, a search for the string, “pan_fbd_cloud_upload error" may yield results (as in the following error) that provide the cause:
Error: pan_fbd_fwd_msg_process(pan_fbd_fwd.c:1311): pan_fbd_cloud_upload error 26, Failed to open/read local data from file/application"
Hope this helps. Thank you.
11-06-2014 06:08 AM
Hi Lewis,
Provide us output for "less mp-log varrcvr.log", output will be a huge file. Make sure you are logging the session in txt file.
Provide us that txt file, based on error message we should be able to determine root cause.
Regards,
Hardik shah
11-06-2014 06:22 AM
Is there any impact on production by running this command?
11-06-2014 06:23 AM
no, it should not impact your production network.
Thanks
11-06-2014 06:27 AM
Hi Lewis,
Its just a show command in Palo Alto World, you are good to go.
Regards,
Hardik Shah
11-06-2014 07:08 AM
does this command typically take a while to run? been sitting at 0%
11-06-2014 07:24 AM
That probably means there are no logs available as of yet. You might have to enable debug for vardata receiver. "debug vardata-receiver on debug" on done you can change it back to "debug vardata-receiver on info".
Let it for a while, and check "less mp-log varrcvr.log"
You should see some logs. You can either user Space-Bar to go down the logs or use "shift + g" to go at the bottom of the logs. Hope this helps. Thank you.
11-06-2014 10:45 AM
Hi Lewis,
If firewall is configured for wildfire than varrcver should have some logs. No logs is not good. I think there might be something wrong with the varrcvr process.
Can you please provide me output for "show system resource"
Regards,
Hardik Shah
11-06-2014 12:33 PM
If you are still having the following issues try running the following command
debug wildfire reset all
Once you have ran this command try to upload using the fake test file from
11-07-2014 03:28 AM
ssharma hshah I was able to get an output of the varrcver file while on a call with support. However we were unable to resolve the issue on that call. But now it appears the issue no longer exist as wildfire traffic is working as expected. Not sure what the root cause was but I will be monitoring.
jperry1 Are there any performance issues I should be aware of before running this debug command?
11-07-2014 08:19 AM
No impact to performance by running this command.
11-12-2014 09:37 AM
The root cause ended up being a backend issue with Wildfire as a server was running out of space and caused the fails.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
