Firewall Unable to Register to Cortex Data Lake

Last Reviewed: 09-04-2023 04:01 AM
Audited By: kiwi


A firewall is unable to register to Cortex Data Lake (CDL) for log forwarding. You might see red lights under the logging status, or the firewall might fail to connect to the CDL.



  1. Make sure FQDN refresh is enabled on the firewall.
  2. Make sure the firewall is able to resolve the CDL FQDN.
  3. Make sure traffic from the firewall to CDL is not being decrypted.
  4. Make sure the URLs and ports below are whitelisted for Prisma Access communication.
    NOTE: More information can be found at Set Up Prisma Access.
    • Port 444 (for Cortex Data Lake)
    • (for Cortex Data Lake)
    • (for Prisma Access)
    • (for Prisma Access)
    • (for Prisma Access)



Try following these steps on the firewall's CLI. 


  • Troubleshooting
    1. delete license key <logging_service_key>
    2. request logging-service-forwarding certificate delete
    3. request logging-service-forwarding certificate fetch


  • Verification
    1. show logging-status
    2. debug log-receiver rawlog_fwd_trial stats global show
    3. request logging-service-forwarding status
    4. request license info
    5. show system state | match lcaas
    6. show system state | match cust
    7. request logging-service-forwarding customerinfo show
    8. request logging-service-forwarding certificate info
    9. show netstat numeric-hosts yes numeric-ports yes | match 3978
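
To help read the output of verification step 9, here is an added example (not part of the original article and not Palo Alto Networks tooling) that parses the pasted netstat output on an admin workstation and reports the TCP state toward port 3978. It assumes Linux-style netstat columns; the sample lines, function names and verdict labels are constructed for illustration.

```python
import re
from collections import Counter

PORT = 3978  # port matched in verification step 9

# Constructed sample (documentation-range addresses), assuming Linux-style
# netstat columns: proto, recv-q, send-q, local, remote, state.
SAMPLE = """\
tcp        0      0 192.0.2.10:41822        203.0.113.25:3978       ESTABLISHED
tcp        0      1 192.0.2.10:41830        203.0.113.26:3978       SYN_SENT
tcp        0      0 192.0.2.10:3978         198.51.100.7:52011      TIME_WAIT
tcp        0      0 192.0.2.10:50444        198.51.100.9:13978      ESTABLISHED
"""

LINE = re.compile(
    r"^(tcp6?)\s+\d+\s+\d+\s+(\S+):(\d+)\s+(\S+):(\d+)\s+([A-Z_0-9]+)$")

def parse(text, port=PORT):
    """Return (remote_ip, state) for sockets whose *remote* port is `port`.

    A plain text match on "3978" also hits local port 3978 and ports such
    as 13978; those rows are dropped here.
    """
    rows = []
    for line in text.splitlines():
        m = LINE.match(line.strip())
        if m and int(m.group(5)) == port:
            rows.append((m.group(4), m.group(6)))
    return rows

def assess(text, port=PORT):
    """Summarise the connection state toward `port` as (verdict, state counts)."""
    rows = parse(text, port)
    states = Counter(state for _, state in rows)
    if states["ESTABLISHED"]:
        verdict = "connected"      # at least one completed TCP handshake
    elif states["SYN_SENT"]:
        verdict = "no-reply"       # SYN sent, no SYN-ACK: check path filtering
    elif rows:
        verdict = "not-established"  # only closing or transient states seen
    else:
        verdict = "no-attempt"     # no socket toward the port at all
    return verdict, dict(states)

if __name__ == "__main__":
    print(assess(SAMPLE))
```

A "no-reply" verdict points back to the prerequisite that the required ports are permitted on the path; "no-attempt" means the firewall has not opened a connection toward that port at all.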


If these steps do not help, please Start a Topic in the Prisma Access Discussions area for community help. You may also open a TAC Case for further assistance; be sure to reference the error and the steps provided. You can reference this document if needed.

Last Updated: 08-15-2019 02:54 PM
Updated by: Retired Member