>
    Cloud Management
    Focus
    Download PDF
    Focus
    1. Home
    2. Advanced WildFire
    3. Configure Advanced WildFire Analysis
    4. Forward Files for Advanced WildFire Analysis
    5. Cloud Management
    Download PDF
    Advanced WildFire

    Prisma Access

    Table of Contents

    Cloud Management

    If you’re using Panorama to manage
    Prisma Access
    :
    Toggle over to the
    PAN-OS
     tab and follow the guidance there.
    If you’re using
    Prisma Access
     Cloud Management, continue here.
    1. Specify the Advanced WildFire cloud to which you want to forward samples.
      Select
      Manage
      Configuration
      NGFW and
      Prisma Access
      Security Services
      WildFire and Antivirus
      General Settings
       and edit the General Settings based on your WildFire cloud deployment (public, government, private, or hybrid).
      The WildFire U.S. Government Cloud is only available to U.S. Federal agencies as an optional analysis environment.
      Add the
      WildFire Cloud
       URL for the cloud environment to forward samples to for analysis.
      Advanced WildFire Public Cloud options:
      1. Enter the
        WildFire Public Cloud
         URL:
        • United States:
          wildfire.paloaltonetworks.com
        • Europe:
          eu.wildfire.paloaltonetworks.com
        • Japan:
          jp.wildfire.paloaltonetworks.com
        • Singapore:
          sg.wildfire.paloaltonetworks.com
        • United Kingdom:
          uk.wildfire.paloaltonetworks.com
        • Canada:
          ca.wildfire.paloaltonetworks.com
        • Australia:
          au.wildfire.paloaltonetworks.com
        • Germany:
          de.wildfire.paloaltonetworks.com
        • India:
          in.wildfire.paloaltonetworks.com
        • Switzerland:
          ch.wildfire.paloaltonetworks.com
        • Poland:
          pl.wildfire.paloaltonetworks.com
        • Indonesia:
          id.wildfire.paloaltonetworks.com
        • Taiwan:
          tw.wildfire.paloaltonetworks.com
        • France:
          fr.wildfire.paloaltonetworks.com
        • Qatar:
          qatar.wildfire.paloaltonetworks.com
        • South Korea:
          kr.wildfire.paloaltonetworks.com
        • Israel:
          il.wildfire.paloaltonetworks.com
        • Saudi Arabia:
          sa.wildfire.paloaltonetworks.com
      2. Make sure the
        WildFire Private Cloud
         field is clear.
      WildFire U.S. Government Cloud:
      1. Enter the
        WildFire U.S. Government Cloud
         URL: wildfire.gov.paloaltonetworks.com
      2. Make sure the
        WildFire Private Cloud
         field is clear.
    2. Enable
      Prisma Access
       to forward decrypted SSL traffic for Advanced WildFire analysis by selecting
      Allow Forwarding of Decrypted Content
      . Decrypted traffic is evaluated against security policy rules; if it matches the WildFire analysis profile attached to the security rule, the decrypted traffic is forwarded for analysis before it is re-encrypted.
      Forwarding decrypted SSL traffic for analysis is an Advanced WildFire Best Practice.
    3. Define the size limits for samples the
      Prisma Access
       forwards for analysis.
      It is a Advanced WildFire Best Practice to set the file forwarding values to the default setting.
    4. Configure submission log settings.
      1. Select
        Report Benign Files
         to allow logging for files that receive a verdict of benign.
      2. Select
        Report Grayware Files
         to allow logging for files that receive a verdict of grayware.
    5. When finished,
      Save
       your changes.
    6. Define traffic to forward for analysis.
      1. Select
        Manage
        Configuration
        NGFW and
        Prisma Access
        Security Services
        WildFire and Antivirus
        , and then
        Add Profile
        . Provide a
        Name
         and
        Description
         for the profile.
      2. Add Rule
         to define traffic to be forwarded for analysis and give the rule a descriptive
        Name
        , such as local-PDF-analysis.
      3. Define the profile rule to match to unknown traffic and to forward samples for analysis based on:
        • Direction of Traffic
          —Forward files for analysis based the transmission direction of the file (
          Upload
          ,
          Download
          , or
          Upload and Download
          ). For example, select
          Upload and Download
           to forward all unknown PDFs for analysis, regardless of the transmission direction.
        • Applications
          —Forward files for analysis based on the application in use.
        • File Types
          —Forward files for analysis based on file types, including links contained in email messages. For example, select
          PDF
           to forward unknown PDFs detected by the firewall for analysis.
        • Select the destination for traffic to be forwarded for Analysis.
          • Select
            Public Cloud
             so that all traffic matched to the rule is forwarded to the Advanced WildFire public cloud for analysis.
          • Select
            Private Cloud
             so that all traffic matched to the rule is forwarded to the WildFire appliance for analysis.
          • Save
             the WildFire analysis forwarding rule when finished.
      4. Save
         the WildFire and Antivirus security profile.
    7. Traffic allowed by the security policy rule is evaluated against the attached WildFire analysis profile;
      Prisma Access
       forwards traffic matched to the profile for WildFire analysis.
    10. Choose what to do next...

    Recommended For You

    © 2024 Palo Alto Networks, Inc. All rights reserved.