1. (
    PA-7000 Series Firewalls Only
    ) To enable a PA-7000 Series firewall to forward samples for analysis, you must first configure a data port on an NPC as a Log Card interface. If you have a PA-7000 series appliance equipped with an LFC (log forwarding card), you must configure a port used by the LFC. When configured, the log card port or the LFC interface takes precedence over the management port when forwarding samples.
  2. Specify the Advanced WildFire Deployments to which you want to forward samples.
    and edit the General Settings based on your WildFire cloud deployment (public, government, private, or hybrid).
    The WildFire U.S. Government Cloud is only available to U.S. Federal agencies as an optional analysis environment.
    Advanced WildFire Public Cloud:
    1. Enter the
      WildFire Public Cloud
      • United States:
      • Europe:
      • Japan:
      • Singapore:
      • United Kingdom:
      • Canada:
      • Australia:
      • Germany:
      • India:
      • Switzerland:
      • Poland:
      • Indonesia:
    2. Make sure the
      WildFire Private Cloud
      field is clear.
    WildFire U.S. Government Cloud:
    1. Enter the
      WildFire U.S. Government Cloud
    2. Make sure the
      WildFire Private Cloud
      field is clear.
  3. Define the size limits for files the firewall forwards and configure logging and reporting settings.
    Continue editing General Settings (
    • Review the
      File Size Limits
      for files forwarded from the firewall.
      It is a Advanced WildFire Best Practices to set the
      File Size
      for PEs to the maximum size limit of 10 MB, and to leave the
      File Size
      for all other file types set to the default value.
    • Select
      Report Benign Files
      to allow logging for files that receive a verdict of benign.
    • Select
      Report Grayware Files
      to allow logging for files that receive a verdict of grayware.
    • Define what session information is recorded in WildFire analysis reports by editing the Session Information Settings. By default, all session information is displayed in WildFire analysis reports. Clear the check boxes to remove the corresponding fields from WildFire analysis reports and click
      to save the settings.
  4. (
    Panorama Only
    ) Configure Panorama to gather additional information about samples collected from firewalls running a PAN-OS version prior to PAN-OS 7.0.
    Some WildFire Submissions log fields introduced in PAN-OS 7.0 are not populated for samples submitted by firewalls running earlier software versions. If you are using Panorama to manage firewalls running software versions earlier than PAN-OS 7.0, Panorama can communicate with WildFire to gather complete analysis information for samples submitted by those firewalls from the defined
    WildFire Server
    (the WildFire global cloud, by default) to complete the log details.
    and enter a
    WildFire Server
    if you’d like to modify the default setting to instead allow Panorama to gather details from the specified WildFire cloud or from a WildFire appliance.
  5. Define traffic to forward for analysis.
    1. Select
      Security Profiles
      WildFire Analysis
      a new WildFire analysis profile, and give the profile a descriptive
    2. Add
      a profile rule to define traffic to be forwarded for analysis and give the rule a descriptive
      , such as local-PDF-analysis.
    3. Define the profile rule to match to unknown traffic and to forward samples for analysis based on:
      • Applications
        —Forward files for analysis based on the application in use.
      • File Types
        —Forward files for analysis based on file types, including links contained in email messages. For example, select
        to forward unknown PDFs detected by the firewall for analysis.
      • Direction
        —Forward files for analysis based the transmission direction of the file (upload, download, or both). For example, select
        to forward all unknown PDFs for analysis, regardless of the transmission direction.
    4. Click
      to save the WildFire analysis profile.
  6. Attach the WildFire Analysis profile to a security policy rule.
    Traffic allowed by the security policy rule is evaluated against the attached WildFire analysis profile; the firewalls forwards traffic matched to the profile for WildFire analysis.
    1. Select
      or modify a policy rule.
    2. Click the
      tab within the policy rule.
    3. In the Profile Settings section, select
      as the
      Profile Type
      and select a
      WildFire Analysis
      profile to attach to the policy rule
  7. Review and implement Advanced WildFire Best Practices.
  8. Click
    to apply the updated settings.
  9. Choose what to do next...

Recommended For You