Friday, December 10, 2021

Fixing the Palo Alto firewall "failed to send telemetry file" problem

In this post, I will be talking about a problem that you may face with Palo Alto Networks firewalls.

The problem shows up in a log that the firewall generates when it tries to send a telemetry file and fails:

10>Dec 6 23:40:04 FMC-PA-820-PRMARY 1,2021/12/06 23:40:04,0120010412345,SYSTEM,device-telemetry,2561,2021/12/06 23:40:04,,send-failed,,0,0,general,critical,"Failed to send: file

The log above tells us that there is an issue sending the telemetry file to the Palo Alto cloud.

What does this mean?

The firewall collects and forwards different sets of telemetry data to Palo Alto Networks based on the Telemetry settings you enable. The firewall collects the data from fields in your log entries (see Log Types and Severity Levels); the log type and combination of fields vary based on the setting. Review the following table before you Enable Telemetry.

Source: https://docs.paloaltonetworks.com/pan-os/9-0/pan-os-admin/threat-prevention/share-threat-intelligence-with-palo-alto-networks/what-telemetry-data-does-the-firewall-collect.html

It means we have to fix this issue, because it is important.

One thing to notice here is that the relationship between the Palo Alto firewall and the Palo Alto cloud is a client-server relationship. Since this traffic goes over the internet, authentication and encryption must take place to secure the connection between client and server.

This means we need to authenticate our firewall in order to get the telemetry sent to the Palo Alto Networks cloud.

How are we going to authenticate? The answer is with a certificate.

What do you need to get this certificate?

1. Telemetry must be enabled. To do this, click the settings icon, enable telemetry, choose a region, then commit.

2. Support, and access to the Palo Alto support portal.

3. The serial numbers of your firewalls, which are supposed to be under support.

Once you are logged in to the Palo Alto support portal, go to Assets > Device Certificates > Generate OTP.

Here you must select the serial number of the asset, then generate the OTP and copy it.

Now go back to Device > Management > Device Certificate > Get Certificate.

Paste the OTP and apply it. You should then see a successful fetch status like the one below.

Note: the image above was taken after the certificate import was done.

Once all of these steps are finished, you should be able to generate a telemetry file like this:

Device > Telemetry > settings icon > Generate.
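
To confirm the fix across several firewalls, the following added example (not part of the original post and not Palo Alto code) parses syslog lines in the format shown above and reports, per serial number, whether send-failed events continue after the device certificate was fetched. The function names, the `fixed_at` parameter and every sample line except the first are assumptions constructed for illustration.

```python
import csv
from collections import defaultdict
from datetime import datetime

# 0-based CSV positions, read off the SYSTEM log line quoted in this post.
SERIAL, LOG_TYPE, SUBTYPE, GENERATED, EVENT_ID, SEVERITY = 2, 3, 4, 6, 8, 13

def parse_line(line):
    """Return (host, csv_fields) for one syslog line, or None if it does not parse."""
    head, comma, rest = line.strip().partition(",")
    tokens = head.split()
    if not comma or len(tokens) < 2:
        return None
    # Last token before the first comma is CSV field 0; the token before it is the host.
    # csv copes with the quoted description even when the line is cut off mid-quote.
    fields = next(csv.reader([tokens[-1] + "," + rest]), [])
    return (tokens[-2], fields) if len(fields) > SEVERITY else None

def telemetry_failures(lines, fixed_at=None):
    """Per-serial summary of send-failed events; fixed_at (assumed) is when the cert was fetched."""
    report = defaultdict(lambda: {"host": None, "failures": 0,
                                  "last_failure": None, "still_failing": False})
    for line in lines:
        parsed = parse_line(line)
        if parsed is None:
            continue
        host, f = parsed
        if (f[LOG_TYPE], f[SUBTYPE], f[EVENT_ID]) != ("SYSTEM", "device-telemetry", "send-failed"):
            continue
        when = datetime.strptime(f[GENERATED], "%Y/%m/%d %H:%M:%S")
        entry = report[f[SERIAL]]
        entry["host"] = host
        entry["failures"] += 1
        entry["last_failure"] = max(when, entry["last_failure"] or when)
        # A failure generated after the certificate fetch means the fix did not take.
        entry["still_failing"] |= fixed_at is not None and when > fixed_at
    return dict(report)

# First line is the log from this post; the others are constructed samples.
SAMPLE = [
    '10>Dec 6 23:40:04 FMC-PA-820-PRMARY 1,2021/12/06 23:40:04,0120010412345,SYSTEM,device-telemetry,2561,2021/12/06 23:40:04,,send-failed,,0,0,general,critical,"Failed to send: file',
    '<10>Dec 6 23:41:00 fw-example-02 1,2021/12/06 23:41:00,000000000002,SYSTEM,device-telemetry,2561,2021/12/06 23:41:00,,send-failed,,0,0,general,critical,"constructed"',
    '<10>Dec 8 01:00:00 fw-example-02 1,2021/12/08 01:00:00,000000000002,SYSTEM,device-telemetry,2561,2021/12/08 01:00:00,,send-failed,,0,0,general,critical,"constructed"',
    '<14>Dec 8 01:05:00 fw-example-02 1,2021/12/08 01:05:00,000000000002,SYSTEM,general,2561,2021/12/08 01:05:00,,general,,0,0,general,informational,"constructed"',
    'line without CSV payload',
]

if __name__ == "__main__":
    for serial, info in telemetry_failures(SAMPLE, datetime(2021, 12, 7, 10)).items():
        print(serial, info)
```

A firewall reported with `still_failing` set after its certificate fetch time is the one to recheck under Device > Management > Device Certificate.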

I hope this was useful.

Samer R. Saleem
