Advanced WildFire Powered by Precision AI™
Configure General Cluster Settings Locally
Some general settings are optional, and some are pre-populated with default values. At a minimum, check these settings to ensure that the cluster configuration matches your needs. General settings include:
- Connecting to the WildFire public cloud and submitting samples to the public cloud.
- Configuring data retention policies.
- Configuring logging.
- Setting the analysis environment (the VM image that best matches your environment) and customizing the analysis environment to best service the types of samples the firewalls submit to WildFire.
- Setting IP addresses for the DNS server, NTP server, and more.
Configure WildFire settings using the CLI on the cluster’s primary controller node. The rest of the cluster nodes use the settings configured on the cluster controller.
- Configure the general settings for the WildFire cluster. This process is similar to Configuring the WildFire Appliance settings.
- (Recommended) Reset the admin password.
- Configure the management interface settings. Set WildFire appliance cluster node IP addresses and the default gateway. Each WildFire appliance cluster node must have a static IP address in the same subnet. Also set the DNS server IP addresses.
- Set the WildFire appliance clock. Set the clock either manually or by specifying NTP servers, and set NTP Server authentication.
- (Optional) Allow additional users to manage the WildFire appliance. Add administrator accounts and assign them roles to manage the cluster.
- (Optional) Connect the cluster to the WildFire public cloud and configure the cloud services the cluster will use. If business reasons don’t prevent you from connecting the WildFire appliance cluster to the public WildFire cloud, connecting the cluster to the cloud provides benefits such as:
- Using the cloud’s resources to perform sample analysis in multiple environments, using different methods.
- Automatically querying the cloud for verdicts before performing local analysis to offload work from the cluster. (Disabled by default.)
- Benefiting from and contributing to the intelligence of the global WildFire community.
The features described in this table row are not cluster-specific. You can also configure these features on standalone WildFire appliances.
- Benefit from the intelligence gathered from all connected WildFire appliances:
admin@WF-500(active-controller)# set deviceconfig setting wildfire cloud-server <hostname-value>
The default value for the WildFire public cloud server hostname is wildfire-public-cloud. You can Forward Files for WildFire Analysis to any public WildFire cloud.
- If you connect the cluster to a WildFire public cloud, configure whether to automatically query the public cloud for verdicts before performing local analysis. Querying the public cloud first reduces the load on the local WildFire cluster:
admin@WF-500(active-controller)# set deviceconfig setting wildfire cloud-intelligence cloud-query (no | yes)
- If you connect the cluster to a WildFire public cloud, configure the types of information for which you want to Submit Locally-Discovered Malware or Reports to the WildFire Public Cloud (diagnostic data, XML reports about malware analysis, malware samples). If you send malware samples, the cluster doesn’t send reports.
admin@WF-500(active-controller)# set deviceconfig setting wildfire cloud-intelligence submit-diagnostics (no | yes) submit-report (no | yes) submit-sample (no | yes)
- (Optional) Configure the controller node to publish the service status using the DNS protocol.
admin@WF-500(active-controller)# set deviceconfig cluster mode controller service-advertisement dns-service enabled yes
- (Optional) Configure data retention policies for malicious and benign or grayware samples.
- Select the amount of time to retain different types of data:
admin@WF-500(active-controller)# set deviceconfig setting wildfire file-retention malicious <indefinite | 1-2000> non-malicious <1-90>
The default for retaining malicious samples is indefinite (do not delete). The default for retaining non-malicious (benign and grayware) samples is 14 days.
- (Optional) Configure the preferred analysis environment.
- If your analysis environment analyzes mostly executable samples or mostly document samples, you can allocate the majority of the cluster resources to analyzing those sample types:
admin@WF-500(active-controller)# set deviceconfig setting wildfire preferred-analysis-environment (Documents | Executables | default)
For each WildFire appliance in the cluster:
- The default option concurrently analyzes 16 documents, 10 portable executables (PE), and 2 email links.
- The Documents option concurrently analyzes 25 documents, 1 PE, and 2 email links.
- The Executables option concurrently analyzes 25 PEs, 1 document, and 2 email links.
You can configure a different preferred analysis environment for each node in the cluster. (If you manage the cluster from Panorama, Panorama can set the analysis environment for the entire cluster.)
- Configure node analysis settings.
- (Optional) Set Up Content Updates to improve malware analysis.
- Set Up the VM Interface to enable the cluster to observe malicious behaviors where the sample being analyzed seeks network access.
- (Optional) Enable Local Signature and URL Category Generation to generate DNS and antivirus signatures and URL categories.
- Configure logging.
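
A pre-change check for the `set deviceconfig setting wildfire` commands in this procedure, added here as an example and not Palo Alto Networks code: it validates a change script against the value ranges stated above and flags the cloud-intelligence options that send data to the public cloud. The `lint` function and the sample script are hypothetical, and the checker assumes one command per line in the form shown on this page.

```python
YES_NO = {"yes", "no"}
ENVIRONMENTS = {"Documents", "Executables", "default"}
PREFIX = "set deviceconfig setting wildfire "

def in_range(value, low, high):
    return value.isdigit() and low <= int(value) <= high

def lint(lines):
    """Return (line_number, message) findings for WildFire set commands."""
    findings = []
    for number, raw in enumerate(lines, 1):
        cmd = raw.split("# ", 1)[-1].strip()  # drop a pasted CLI prompt
        if not cmd.startswith(PREFIX):
            continue  # other deviceconfig branches are out of scope here
        section, *args = cmd[len(PREFIX):].split()
        opts = dict(zip(args[0::2], args[1::2]))  # keyword/value pairs
        if section == "cloud-intelligence":
            for key, value in opts.items():
                if value not in YES_NO:
                    findings.append((number, f"{key}: expected yes or no"))
            if opts.get("submit-sample") == "yes":
                findings.append((number, "submit-sample yes: samples leave the cluster"))
                if opts.get("submit-report") == "yes":
                    findings.append((number, "submit-report yes: no reports are sent with samples"))
        elif section == "file-retention":
            malicious = opts.get("malicious", "indefinite")
            if malicious != "indefinite" and not in_range(malicious, 1, 2000):
                findings.append((number, "malicious: expected indefinite or 1-2000"))
            if not in_range(opts.get("non-malicious", "14"), 1, 90):
                findings.append((number, "non-malicious: expected 1-90"))
        elif section == "preferred-analysis-environment":
            if not args or args[0] not in ENVIRONMENTS:
                findings.append((number, "environment: expected Documents, Executables or default"))
    return findings

# Constructed change script for illustration, not captured from an appliance.
SAMPLE = [
    "admin@WF-500(active-controller)# set deviceconfig setting wildfire cloud-intelligence cloud-query yes",
    "set deviceconfig setting wildfire cloud-intelligence submit-diagnostics no submit-report yes submit-sample yes",
    "set deviceconfig setting wildfire file-retention malicious indefinite non-malicious 120",
    "set deviceconfig setting wildfire preferred-analysis-environment Archives",
    "set deviceconfig cluster mode controller service-advertisement dns-service enabled yes",
]

if __name__ == "__main__":
    for number, message in lint(SAMPLE):
        print(f"line {number}: {message}")
```

Run it over a change script during review, before the commands are entered on the controller node; an empty result means every WildFire setting in the script is within the values this page lists.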