: Transition WildFire Profiles Safely to Best Practices
Focus
Focus

Transition WildFire Profiles Safely to Best Practices

Table of Contents

Transition WildFire Profiles Safely to Best Practices

Apply WildFire Analysis profiles to allow rules to protect against unknown threats without risking application availability.
The following guidance helps define the initial configuration of WildFire Analysis profiles.
Palo Alto Networks Next-Generation Firewalls include the basic WildFire service and don't require an Advanced WildFire (or active legacy WildFire) subscription. The basic service enables the firewall to forward PE files for analysis and retrieves Advanced WildFire signatures only with an antivirus and/or Threat Prevention update every 24-48 hours. An Advanced WildFire subscription (PAN-OS 10.0 or later) or legacy WildFire subscription includes many more features, such as receiving updates in real-time, support for more file types, and an API.
To identify and prevent threats, the firewall must have visibility into application traffic. Decrypt as much traffic as local regulations, business considerations, privacy considerations, and technical ability allow. If you don’t decrypt traffic, the firewall can’t analyze encrypted headers and payload information.
WildFire signature generation is highly accurate and false positives are rare. Deploying the default WildFire Analysis profile (which is the best practices profile) does not impact network traffic. (However, WildFire Action settings in the Antivirus profile might impact traffic if the traffic generates a WildFire signature that results in a reset or drop action.)
When you have the initial profiles in place, monitor the WildFire Submissions logs (MonitorLogsWildFire Submissions) for enough time to gain confidence that you understand whether any business-critical applications cause alerts or blocks due to the Antivirus profile WildFire Action. Create exceptions (open a support ticket if necessary) in the Antivirus profile as needed to remediate any confirmed false positives.