Configure WildFire Protection

Learn how to configure a WildFire Analysis profile on Panorama to detect and forward threats to WildFire.
Where Can I Use This?
  • Cloud NGFW for Azure
What Do I Need?
  • Cloud NGFW subscription
  • Palo Alto Networks Customer Support Portal account
  • Azure Marketplace subscription
To configure WildFire on your Cloud NGFW Azure resource using Panorama, you will need to:

Configure a WildFire Profile

  1. Log in to Panorama and click Objects > WildFire Analysis. The WildFire Analysis profile window appears.
  2. Select the device group from the drop-down menu where you want to create the profile.
  3. Click Add.
  4. Enter a Name for the WildFire profile and click Add.
  5. Enter a descriptive Name for any rules you add to the profile.
  6. In the application section, click Add to select the application from the list of applications that you wish to allow access through your WildFire profile.
  7. Click FileTypes to select the file types you wish to allow.
  8. Click Direction to allow download or upload or both options.
  9. Select the Destination for traffic to be forwarded for analysis:
     • Select public cloud to forward all traffic matching the rule to the WildFire public cloud for analysis.
     • Select private cloud to forward all traffic matching the rule to the WildFire appliance for analysis.
  10. Click OK.

Define Security Rules

  1. Log in to Panorama, and click policy rules.
  2. Choose the required Device Group and click the preconfigured security rule (pre-rule or post-rule) or create a new rule.
  3. Click Actions.
  4. In the profile setting, select Profiles under the profile type.
  5. Select the WildFire profile you want to use from the WildFire Analysis drop-down.
  6. Click OK.
Commit and push the device group to the Cloud NGFW resources.
For more information, see Latest WildFire Cloud Features.
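
A rule that allows traffic but has no WildFire Analysis profile attached forwards nothing for analysis, so it is worth checking an exported configuration after the push. The following is an added example, not Palo Alto Networks code: it assumes a Panorama configuration export in the usual XML layout, uses a constructed sample with hypothetical names (azure-dg, wf-all, web-out and so on), and does not resolve profile groups or profiles inherited from Shared.

```python
import xml.etree.ElementTree as ET

# Constructed sample, laid out like a Panorama device-group config export.
SAMPLE_CONFIG = """<config><devices><entry name="localhost.localdomain"><device-group>
 <entry name="azure-dg">
  <profiles><wildfire-analysis><entry name="wf-all"><rules><entry name="all-files">
    <application><member>any</member></application>
    <file-type><member>any</member></file-type>
    <direction>both</direction><analysis>public-cloud</analysis>
  </entry></rules></entry></wildfire-analysis></profiles>
  <pre-rulebase><security><rules>
   <entry name="web-out"><action>allow</action><profile-setting><profiles>
     <wildfire-analysis><member>wf-all</member></wildfire-analysis>
   </profiles></profile-setting></entry>
   <entry name="smtp-out"><action>allow</action></entry>
   <entry name="typo-ref"><action>allow</action><profile-setting><profiles>
     <wildfire-analysis><member>wf-al</member></wildfire-analysis>
   </profiles></profile-setting></entry>
   <entry name="block-bad"><action>deny</action></entry>
  </rules></security></pre-rulebase>
 </entry>
</device-group></entry></devices></config>"""

def audit_wildfire(config_xml, device_group):
    """Return {rule name: problem} for allow rules without a usable WildFire profile."""
    root = ET.fromstring(config_xml)
    dg = root.find(f".//device-group/entry[@name='{device_group}']")
    if dg is None:
        raise ValueError(f"device group {device_group!r} not found")
    defined = {p.get("name") for p in dg.findall("profiles/wildfire-analysis/entry")}
    findings = {}
    for base in ("pre-rulebase", "post-rulebase"):
        for rule in dg.findall(f"{base}/security/rules/entry"):
            if rule.findtext("action") != "allow":
                continue  # nothing is forwarded for traffic the rule drops
            if rule.find("profile-setting/group") is not None:
                continue  # security profile groups are not resolved here
            ref = rule.findtext("profile-setting/profiles/wildfire-analysis/member")
            if ref is None:
                findings[rule.get("name")] = "no WildFire Analysis profile"
            elif ref not in defined:
                findings[rule.get("name")] = f"profile {ref!r} not defined in device group"
    return findings

if __name__ == "__main__":
    for name, problem in audit_wildfire(SAMPLE_CONFIG, "azure-dg").items():
        print(f"{name}: {problem}")
```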

View WildFire Submission Logs

You can view WildFire submission logs in:
  1. Azure
  2. Panorama

View Logs in Azure

After you create the Log Analytics Workspace, update the log settings under the firewall and start sending the traffic. Once the traffic is sent, you can view the logs as described in the steps below:
  1. Click the Log Analytics Workspace for which you need to view the logs.
  2. Click Logs.
  3. Click Custom Logs in the query window and run a query you have created.
    You can create a customized query with parameters such as the number of logs, the time range, and so on. For example, a simple query:
    fluentbit_CL | limit 10
  4. Click the query result item for which you want to view the detailed logs.

View Logs in Panorama

On Panorama, you can view the logs on the device group using Monitor > Threats.