Enable Free WildFire Forwarding
WildFire is a cloud-based virtual environment that analyzes and executes unknown samples (files and email links) and determines whether each sample is malicious, phishing, grayware, or benign. With WildFire enabled, a Palo Alto Networks firewall can forward unknown samples to WildFire for analysis. For newly discovered malware, WildFire generates a signature to detect the malware, which is made available for retrieval in real time for all firewalls with an active WildFire subscription. This enables all Palo Alto next-generation firewalls worldwide to detect and prevent malware found by a single firewall. Malware signatures often match multiple variants of the same malware family and, as such, block new malware variants that the firewall has never seen before. The Palo Alto Networks threat research team uses the threat intelligence gathered from malware variants to block malicious IP addresses, domains, and URLs.
A basic WildFire service is included as part of the Palo Alto Networks next-generation firewall and does not require a WildFire subscription. With the basic WildFire service, you can enable the firewall to forward portable executable (PE) files. Additionally, if you do not have a WildFire subscription, but you do have a Threat Prevention subscription, you can receive signatures for malware WildFire identifies every 24-48 hours (as part of the Antivirus updates).
Beyond the basic WildFire service, a WildFire subscription is required for the firewall to:
- Get the latest WildFire signatures in real-time.
- Prevent malicious PE (portable executables), ELF and MS Office files, and PowerShell and shell scripts from entering your network in real-time using WildFire Inline ML.
- Forward advanced file types and email links for analysis.
- Use the WildFire API.
- Use a WildFire appliance to host a WildFire private cloud or a WildFire hybrid cloud.
If you have a WildFire subscription, go ahead and get started with WildFire to get the most out of your subscription. Otherwise, take the following steps to enable basic WildFire forwarding:
- Confirm that your firewall is registered and that you have a valid support account as well as any subscriptions you require.
  - Log in to the Palo Alto Networks Customer Support Portal (CSP) and, in the left-hand navigation pane, select Assets > Devices.
  - Verify that the firewall is listed. If it is not listed, select Register New Device and continue to Register the Firewall.
  - (Optional) If you have a Threat Prevention subscription, be sure to Activate Subscription Licenses.
- Log in to the firewall and configure WildFire forwarding settings.
  - Select Device > Setup > WildFire and edit the General Settings.
  - Set the WildFire Public Cloud field to forward files to the WildFire global cloud (U.S.) at: wildfire.paloaltonetworks.com. You can also forward files to a WildFire regional cloud or a private cloud based on your location and your organizational requirements.
  - Review the File Size Limits for PEs the firewall forwards for WildFire analysis. As a WildFire best practice, set the Size Limit for PEs to the maximum available limit of 10 MB.
  - Click OK to save your changes.
- Enable the firewall to forward PEs for analysis.
  - Select Objects > Security Profiles > WildFire Analysis and Add a new profile rule.
  - Name the new profile rule.
  - Add a forwarding rule and enter a Name for it.
  - In the File Types column, add pe files to the forwarding rule.
  - In the Analysis column, select public-cloud to forward PEs to the WildFire public cloud.
  - Click OK.
- Apply the new WildFire Analysis profile to traffic that the firewall allows.
  - Select Policies > Security and either select an existing policy rule or create a new policy rule as described in Set Up a Basic Security Policy.
  - Select Actions and in the Profile Settings section, set the Profile Type to Profiles.
  - Select the WildFire Analysis profile you just created to apply that profile rule to all traffic this policy rule allows.
  - Click OK.
- Enable the firewall to forward decrypted SSL traffic for WildFire analysis.
- Review and implement WildFire best practices to ensure that you are getting the most out of WildFire detection and prevention capabilities.
- Commit your configuration updates.
- Verify that the firewall is forwarding PE files to the WildFire public cloud.
  - Select Monitor > Logs > WildFire Submissions to view log entries for PEs the firewall successfully submitted for WildFire analysis. The Verdict column displays whether WildFire found the PE to be malicious, grayware, or benign. (WildFire only assigns the phishing verdict to email links.) The Action column indicates whether the firewall allowed or blocked the sample. The Severity column indicates how much of a threat a sample poses to an organization using the following values: critical, high, medium, low, information.
- (Threat Prevention subscription only) If you have a Threat Prevention subscription, but do not have a WildFire subscription, you can still receive WildFire signature updates every 24-48 hours.
  - Select Device > Dynamic Updates.
  - Check that the firewall is scheduled to download and install Antivirus updates.
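As an added example (not Palo Alto Networks code), the following Python check audits an exported configuration for the settings the procedure above puts in place: the WildFire Public Cloud server, the 10 MB PE size limit, a WildFire Analysis profile that forwards pe files to public-cloud, and that profile on every rule that allows traffic. The XML element layout is an assumption modelled on a PAN-OS configuration export, the sample and its names (`wf-basic`, `web-out`, `mail-out`, `block-bad`) are constructed, and profiles attached through a profile group are not resolved.

```python
import xml.etree.ElementTree as ET

# Constructed sample; element layout is an assumption modelled on a PAN-OS XML export.
SAMPLE_CONFIG = """
<config><devices><entry name="localhost.localdomain">
 <deviceconfig><setting><wildfire>
  <public-cloud-server>wildfire.paloaltonetworks.com</public-cloud-server>
  <file-size-limit><entry name="pe"><size-limit>2</size-limit></entry></file-size-limit>
 </wildfire></setting></deviceconfig>
 <vsys><entry name="vsys1">
  <profiles><wildfire-analysis><entry name="wf-basic"><rules><entry name="forward-pe">
   <file-type><member>pe</member></file-type><analysis>public-cloud</analysis>
  </entry></rules></entry></wildfire-analysis></profiles>
  <rulebase><security><rules>
   <entry name="web-out"><action>allow</action><profile-setting><profiles>
    <wildfire-analysis><member>wf-basic</member></wildfire-analysis>
   </profiles></profile-setting></entry>
   <entry name="mail-out"><action>allow</action></entry>
   <entry name="block-bad"><action>deny</action></entry>
  </rules></security></rulebase></entry></vsys>
</entry></devices></config>
"""

def audit_wildfire(xml_text, max_pe_mb=10):
    """Return a list of findings; an empty list means every check passed."""
    root = ET.fromstring(xml_text)
    findings = []
    wf = root.find(".//deviceconfig/setting/wildfire")
    if wf is None or not (wf.findtext("public-cloud-server") or "").strip():
        findings.append("WildFire Public Cloud server is not set")
    limit = wf.findtext("file-size-limit/entry[@name='pe']/size-limit") if wf is not None else None
    if limit is None or int(limit) < max_pe_mb:
        findings.append(f"PE size limit ({limit or 'unset'}) is below {max_pe_mb} MB")
    # Profiles holding a rule that sends pe (or any) files to the public cloud.
    forwarding = set()
    for prof in root.iterfind(".//vsys/entry/profiles/wildfire-analysis/entry"):
        for rule in prof.iterfind("rules/entry"):
            types = {m.text for m in rule.iterfind("file-type/member")}
            if types & {"pe", "any"} and rule.findtext("analysis") == "public-cloud":
                forwarding.add(prof.get("name"))
    # Every rule that allows traffic should reference one of those profiles.
    for rule in root.iterfind(".//rulebase/security/rules/entry"):
        used = {m.text for m in rule.iterfind("profile-setting/profiles/wildfire-analysis/member")}
        if rule.findtext("action") == "allow" and not used & forwarding:
            findings.append(f"allow rule '{rule.get('name')}' forwards no PEs to WildFire")
    return findings

if __name__ == "__main__":
    print("\n".join(audit_wildfire(SAMPLE_CONFIG)))
```

On the constructed sample this reports the 2 MB PE size limit and the `mail-out` rule, which allows traffic without a WildFire Analysis profile.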