Advanced WildFire Powered by Precision AI™
Configure the VM Interface on the WildFire Appliance
This section describes the steps required to configure the VM interface on the WildFire appliance using the Option 1 configuration detailed in the Virtual Machine Interface Example. After configuring the VM interface using this option, you must also configure an interface on a Palo Alto Networks firewall through which traffic from the VM interface is routed, as described in Connect the Firewall to the WildFire Appliance VM Interface.
By default, the VM interface has the following settings:
- IP Address: 192.168.2.1
- Netmask: 255.255.255.0
- Default Gateway: 192.168.2.254
- DNS: 192.168.2.254
If you plan on enabling this interface, configure it with the appropriate settings for your network. If you do not plan on using this interface, leave the default settings. Note that this interface must have network values configured or a commit failure will occur.
- Set the IP information for the VM interface on the WildFire appliance. The following IPv4 values are used in this example, but the appliance also supports IPv6 addresses:
  - IP address - 10.16.0.20/22
  - Subnet Mask - 255.255.252.0
  - Default Gateway - 10.16.0.1
  - DNS Server - 10.0.0.246
  The VM interface cannot be on the same network as the management interface (MGT).
  - Enter configuration mode:
    admin@WF-500> configure
  - Set the IP information for the VM interface:
    admin@WF-500# set deviceconfig system vm-interface ip-address 10.16.0.20 netmask 255.255.252.0 default-gateway 10.16.0.1 dns-server 10.0.0.246
    You can only configure one DNS server on the VM interface. As a best practice, use the DNS server from your ISP or an open DNS service.
- Enable the VM interface.
  - Enable the VM interface:
    admin@WF-500# set deviceconfig setting wildfire vm-network-enable yes
  - Commit the configuration:
    admin@WF-500# commit
- Test connectivity of the VM interface.
  Ping a system and specify the VM interface as the source. For example, if the VM interface IP address is 10.16.0.20, run the following command where ip-or-hostname is the IP or hostname of a server/network that has ping enabled:
    admin@WF-500> ping source 10.16.0.20 host ip-or-hostname
  For example:
    admin@WF-500> ping source 10.16.0.20 host 10.16.0.1
- (Optional) Send any malicious traffic that the malware generates to the Internet. The Tor network masks your public facing IP address, so the owners of the malicious site cannot determine the source of the traffic.
  - Enable the Tor network:
    admin@WF-500# set deviceconfig setting wildfire vm-network-use-tor
  - Commit the configuration:
    admin@WF-500# commit
- (Optional) Verify that the Tor network connection is active and healthy.
  - Issue the following CLI commands to search for Tor event IDs in the appliance logs. A properly configured and operational WildFire appliance should not generate any event IDs:
    - admin@WF-500(active-controller)> show log system direction equal backward | match anonymous-network-unhealthy
      The Tor service is down or otherwise non-operational. Consider restarting your Tor service and verify that it is operating properly.
    - admin@WF-500(active-controller)> show log system direction equal backward | match anonymous-network-unavailable
      The Tor service is operating normally but the WildFire appliance VM interface is unable to establish a connection. Verify your network connections and settings and re-test.
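A pre-commit check for the addressing rules in the first step, as an added example that is not part of the Palo Alto Networks documentation: it rejects a planned VM-interface network that overlaps the MGT network, a gateway outside the VM subnet, or more than one DNS server, and otherwise returns the set command from the procedure. The function name `check_vm_interface` and the MGT address 10.10.0.5/24 are assumptions made for illustration; the example covers the IPv4 address-plus-netmask form shown on this page.

```python
import ipaddress

def check_vm_interface(ip, netmask, gateway, dns_servers, mgt_cidr):
    """Validate planned IPv4 VM-interface settings; return (problems, cli_command)."""
    problems = []
    iface = ipaddress.ip_interface(f"{ip}/{netmask}")
    net = iface.network
    mgt_net = ipaddress.ip_interface(mgt_cidr).network
    gw = ipaddress.ip_address(gateway)

    # Documented rule: the VM interface cannot be on the same network as MGT.
    if net.overlaps(mgt_net):
        problems.append(f"VM network {net} overlaps MGT network {mgt_net}")
    # Sanity checks (assumptions of this example, not appliance behaviour):
    # the gateway must be a different host inside the VM subnet.
    if gw not in net:
        problems.append(f"default gateway {gw} is outside VM network {net}")
    elif gw == iface.ip:
        problems.append("default gateway equals the VM interface address")
    if iface.ip in (net.network_address, net.broadcast_address):
        problems.append(f"{iface.ip} is the network or broadcast address of {net}")
    # Documented rule: only one DNS server can be configured on the VM interface.
    if len(dns_servers) != 1:
        problems.append(f"exactly one DNS server is allowed, got {len(dns_servers)}")
    else:
        ipaddress.ip_address(dns_servers[0])  # raises ValueError if malformed

    if problems:
        return problems, None
    cmd = (f"set deviceconfig system vm-interface ip-address {ip} "
           f"netmask {netmask} default-gateway {gateway} "
           f"dns-server {dns_servers[0]}")
    return problems, cmd

if __name__ == "__main__":
    MGT = "10.10.0.5/24"  # constructed MGT address; the page does not give one
    # First plan: the values from the page. Second plan: constructed, conflicting.
    plans = (
        ("10.16.0.20", "255.255.252.0", "10.16.0.1", ["10.0.0.246"]),
        ("10.10.0.20", "255.255.255.0", "10.10.1.1", ["10.0.0.246", "10.0.0.247"]),
    )
    for plan in plans:
        problems, cmd = check_vm_interface(*plan, MGT)
        print(cmd if cmd else "\n".join("REJECT: " + p for p in problems))
```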