>
    Get Started with Advanced WildFire
    Focus
    Download PDF
    Focus
    1. Home
    2. Advanced WildFire
    3. Advanced WildFire Overview
    4. Get Started with Advanced WildFire
    Download PDF

    Advanced WildFire

    Get Started with Advanced WildFire

    Table of Contents

    Get Started with Advanced WildFire

    Where Can I Use This?
    What Do I Need?
    • PAN-OS
    • Prisma Access
    • Advanced WildFire License
      For Prisma Access, this is usually included with your Prisma Access license.
    The following steps provide a quick workflow to get started with Advanced WildFire™ on the firewall. If you’d like to learn more about Advanced WildFire before getting started, take a look at the Advanced WildFire Overview and review the Advanced WildFire Best Practices.
    For information about using the WildFire private cloud or hybrid cloud, refer to the WildFire Appliance administration.
    I you are using Advanced WildFire on Prisma Access, familiarize yourself with the product before configuring your WildFire Analysis Security Profile to Forward Files for Advanced WildFire Analysis.
    1. Get your Advanced WildFire or WildFire subscription. If you do not have a subscription, you can still forward PEs for WildFire analysis.
    2. Decide which of the Advanced WildFire Deployments works for you:
      • Advanced WildFire Public Cloud—Forward samples to a Palo Alto Networks-hosted Advanced WildFire public cloud.
      • WildFire U.S. Government cloud—Forward samples to a Palo Alto Networks-hosted WildFire U.S. Government cloud.
      If you are deploying a WildFire private or hybrid cloud, refer to the WildFire Appliance administration.
    3. Confirm your license is active on the firewall.
      1. Log in to the firewall.
      2. Select
        Device
        Licenses
         and check that the WildFire License is active.
        If the WildFire License is not displayed, select one of the License Management options to activate the license.
    4. Connect the firewall to WildFire and configure WildFire settings.
      1. Select
        Device
        Setup
        WildFire
         and edit General Settings.
      2. Use
        WildFire Public Cloud
         field to forward samples to the Advanced WildFire public cloud.
      3. It is a Advanced WildFire Best Practices to set the
        File Size
         for PEs to the maximum size limit of 10 MB, and to leave the
        File Size
         for all other file types set to the default value.
      4. Click
        OK
         to save the WildFire General Settings.
    6. Start submitting samples for analysis.
      1. Define traffic to forward for WildFire analysis. (Select
        Objects
        Security Profiles
        WildFire Analysis
         and modify or
        Add
         a WildFire Analysis profile).
        As a best practice, use the WildFire Analysis default profile to ensure complete coverage for traffic the firewall allows. If you still decide to create a custom WildFire Analysis profile, set the profile to forward
        Any
         file type—this enables the firewall to automatically start forwarding newly-supported file types for analysis.
      2. For each profile rule, set
        public-cloud
         as the
        Destination
         to forward samples to the Advanced WildFire cloud for analysis.
      3. Attach the WildFire analysis profile to a security policy rule. Traffic matched to the policy rule is forwarded for WildFire analysis (
        Policies
        Security
         and
        Add
         or modify a security policy rule).
    7. Enable the firewall to get the latest Advanced WildFire signatures.
      New Advanced WildFire signatures are retrieved in real-time to detect and identify malware. If you are operating PAN-OS 9.1 or earlier, you can receive new signatures every five minutes.
      • PAN-OS 9.1 and earlier
        1. Select
          Device
          Dynamic Updates
          :
          • Check that
            WildFire
             updates are displayed.
          • Select
            Check Now
             to retrieve the latest signature update packages.
        2. Set the
          Schedule
           to download and install the latest Advanced WildFire signatures.
        3. Use the
          Recurrence
           field to set the frequency at which the firewall checks for new updates to
          Every Minute
          .
          As new WildFire signatures are available every five minutes, this setting ensures the firewall retrieves these signatures within a minute of availability.
        4. Enable the firewall to
          Download and Install
           these updates as the firewall retrieves them.
        5. Click
          OK
          .
      • PAN-OS 10.0 and later
        1. Select
          Device
          Dynamic Updates
          :
        2. Check that the
          WildFire
           updates are displayed.
        3. Select Schedule to configure the update frequency and then use the
          Recurrence
           field to configure the firewall to retrieve WildFire signatures in
          Real-time
          .
        4. Click
          OK
          .
    8. Start scanning traffic for threats, including malware that Advanced WildFire identifies.
      Attach the
      default
       Antivirus profile to a security policy rule to scan traffic the rules allows based on WildFire antivirus signatures (select
      Policies
      Security
       and add or a modify the defined
      Actions
       for a rule).
    9. Control site access to web sites where Advanced WildFire has identified the associated link as malicious or phishing.
      This option requires a PAN-DB URL Filtering license. Learn more about URL Filtering and how it enables you to control web site access and corporate credential submissions (to prevent phishing attempts) based on URL category.
      To configure URL Filtering:
      1. Select
        Objects
        Security Profiles
        URL Filtering
         and
        Add
         or modify a URL Filtering profile.
      2. Select
        Categories
         and define
        Site Access
         for the phishing and malicious URL categories.
      3. Block
         users from accessing sites in these categories altogether, or instead, allow access but generate an
        Alert
         when users access sites in these categories, to ensure you have visibility into such events.
      4. Enable credential phishing prevention to stop users from submitting credentials to untrusted sites, without blocking their access to these sites.
      5. Apply the new or updated URL Filtering profile, and attach it to a security policy rule to apply the profile settings to allowed traffic:
        1. Select
          Policies
          Security
           and
          Add
           or modify a security policy rule.
        2. Select
          Actions
           and in the Profile Setting section, set the
          Profile Type
           to profiles.
        3. Attach the new or updated
          URL Filtering
           profile to the security policy rule.
        4. Click
          OK
           to save the security policy rule.
    10. Confirm that the firewall is successfully forwarding samples.
      • If you enabled logging of benign files, select
        Monitor
        WildFire Submissions
         and check that entries are being logged for benign files submitted for analysis. (If you’d like to disable logging of benign files after confirming that the firewall is connected to a WildFire cloud, select
        Device
        Setup
        WildFire
         and clear
        Report Benign Files
        ).
      • Other options to allow you to confirm that the firewall forwarded a specific sample, view samples the firewall forwards according to file type, and to view the total number of samples the firewall forwards.
      • Test a Sample Malware File to test your complete WildFire configuration.
    12. Next step:
      Review and implement Advanced WildFire Best Practices.

    Recommended For You

    © 2023 Palo Alto Networks, Inc. All rights reserved.