Managed WildFire Cluster and Appliance Administration
9.1 (EoL)
Select Panorama > Managed WildFire Clusters and
select a cluster to manage, or select a WildFire appliance (Panorama > Managed WildFire Appliances)
to manage a standalone appliance. The Panorama > Managed WildFire Clusters view
lists cluster nodes (WildFire appliances that are members of the
cluster) and standalone appliances so that you can add available
appliances to a cluster. Because the cluster manages the nodes,
selecting a cluster node provides only limited management capability.

Unless noted, the settings and descriptions in the following
table apply to both WildFire clusters and WildFire standalone appliances.
Information previously configured on a cluster or appliance is prepopulated.
You must first commit changes and additions to the information on
Panorama and then push the new configuration to the appliances.

Setting | Description |
---|---|
General tab | |
Name | The cluster or appliance Name or the appliance serial number. |
Enable DNS (WildFire clusters only) | Enable DNS service for the cluster. |
Register Firewall To | The domain name to which you register firewalls. Format must be wfpc.service.<cluster-name>.<domain>. For example, the default domain name is wfpc.service.mycluster.paloaltonetworks.com. |
Content Update Server | Enter the Content Update Server location or use the default wildfire.paloaltonetworks.com so that the cluster or appliance receives content updates from the closest server in the Content Delivery Network infrastructure. Connecting to the global cloud gives you the benefit of accessing signatures and updates based on threat analysis from all sources connected to the cloud, instead of relying only on the analysis of local threats. |
Check Server Identity | Select Check Server Identity to confirm the identity of the update server by matching the common name (CN) in the certificate with the IP address or FQDN of the server. |
WildFire Cloud Server | Enter the global WildFire Cloud Server location or use the default wildfire.paloaltonetworks.com so that the cluster or appliance can send information to the closest server. You can choose whether to send information and what types of information to send to the global cloud (WildFire Cloud Services). |
Sample Analysis Image | Select the VM image for the cluster or appliance to use for sample analysis (default is vm-5). You can Get a Malware Test File (WildFire API) to see the result of the sample analysis. |
WildFire Cloud Services | If the cluster or appliance is connected to the global WildFire Cloud Server, you can choose whether to Send Analysis Data, Send Malicious Samples, or Send Diagnostics to the global cloud, or any combination of the three. You can also choose whether to perform a Verdict Lookup in the global cloud. Sending information to the global cloud benefits the entire community of WildFire users because the shared information increases the ability of every appliance to identify malicious traffic and prevent it from traversing the network. |
Sample Data Retention | The number of days to retain benign or grayware samples and malicious samples: |
Analysis Environment Services | Environment Networking enables virtual machines to communicate with the internet. You can select Anonymous Networking to make network communication anonymous, but you must select Environment Networking before you can enable Anonymous Networking. Different network environments produce different types of analysis loads depending on whether more documents need to be analyzed or more executable files need to be analyzed. You can configure your Preferred Analysis Environment to allocate more resources to Executables or to Documents, depending on the needs of your environment. The Default allocation is balanced between Executables and Documents. The amount of available resources depends on how many WildFire nodes are in the cluster. |
Signature Generation | Select whether you want the cluster or appliance to generate signatures for AV, DNS, URLs, or any combination of the three. |
Appliance tab | |
Hostname (Standalone WildFire appliance only) | Enter the hostname of the WildFire appliance. |
Panorama Server | Enter the IP address or FQDN of the appliance or of the primary Panorama managing the cluster. |
Panorama Server 2 | Enter the IP address or FQDN of the appliance or of the backup Panorama managing the cluster. |
Domain | Enter the domain name of the appliance cluster or appliance. |
Primary DNS Server | Enter the IP address of the primary DNS Server. |
Secondary DNS Server | Enter the IP address of the secondary DNS Server. |
Timezone | Select the time zone to use for the cluster or appliance. |
Latitude (Standalone WildFire appliance only) | Enter the latitude of the WildFire appliance. |
Longitude (Standalone WildFire appliance only) | Enter the longitude of the WildFire appliance. |
Primary NTP Server | Enter the IP address of the primary NTP Server and set the Authentication Type to None (default), Symmetric Key, or Autokey. Setting the Authentication Type to Symmetric Key reveals four more fields: |
Secondary NTP Server | Enter the IP address of the secondary NTP Server and set the Authentication Type to None (default), Symmetric Key, or Autokey. Setting the Authentication Type to Symmetric Key reveals four more fields: |
Login Banner | Enter a banner message that displays when users log in to the cluster or appliance. |
Logging tab (Includes System tab and Configuration tab) | |
Add | Add log forwarding profiles (Panorama > Managed WildFire Clusters > <cluster> > Logging > System or Panorama > Managed WildFire Clusters > <cluster> > Logging > Configuration) to forward: No other log types are supported (see Device > Log Settings). The Log Forwarding profiles specify which logs to forward and to which destination servers. For each profile, complete the following: |
Add > Filter > Filter Builder | Use Filter Builder to create new log filters. Select Create Filter to construct filters and, for each query in a new filter, specify the following settings and then Add the query: To display or export logs that the filter matches, select View Filtered Logs. You can change the number and order of entries displayed per page and you can use the paging controls at the bottom left of the page to navigate through the log list. Log entries are retrieved in blocks of 10 pages. |
Delete | Select and then Delete the log forwarding settings you want to remove from the System or Configuration log list. |
Authentication tab | |
Remote Authentication | Select the Authentication Profile for access. The default is None. If there are no authentication profiles to choose from, you can Configure an Authentication Profile and Sequence. |
Local Authentication | Configure local authentication for the administrator: |
Timeout Configuration | Configure cluster authentication timeouts: |
Clustering tab (Managed WildFire Clusters only) and Interfaces tab (Managed WildFire Appliances only). You must add appliances to Panorama to manage interfaces and add appliances to clusters to manage node interfaces. | |
Appliance (Clustering tab only) | Select a cluster node to access the Appliance and Interfaces tabs for that node. The Appliance tab node information is prepopulated and not configurable except for the hostname. The Interfaces tab lists the node interfaces. Select an interface to manage it as described in: |
Interface Name: Management | The management interface is Ethernet0. Configure or view management interface settings: Configure proxy settings if you use a proxy server to connect to the Internet: Specify IP addresses that are permitted on the interface: |
Interface Name: Analysis Environment Network | Configure settings for the WildFire appliance cluster or standalone WildFire appliance analysis environment network interface (Ethernet1, also known as the VM interface): Specify IP addresses that are permitted on the interface: |
Interface Name: Ethernet2; Interface Name: Ethernet3 | You can set the same parameters for the Ethernet2 and Ethernet3 interfaces: |
Role (Clustering tab only) | When a cluster has member appliances, the appliance roles can be Controller, Controller Backup, or Worker. Select Controller or Backup Controller to change the WildFire appliance used for each role from the appliances in the cluster. Changing the Controller results in data loss during the role change. |
Browse (Clustering tab only) | The Clustering tab lists the WildFire appliance nodes in the cluster. Browse to view and add standalone WildFire appliances that the Panorama device already manages: The first WildFire appliance you add to a cluster automatically becomes the Controller node. The second WildFire appliance you add automatically becomes the Controller Backup node. You can add up to 20 WildFire appliances to a cluster. After adding the Controller and Controller Backup nodes, all subsequent added nodes are Worker nodes. |
Delete (Clustering tab only) | Select one or more appliances from the Appliance list and then Delete them from the cluster. You can remove a Controller node only if there are two Controller nodes in the cluster. |
Manage Controller (Clustering tab only) | Select Manage Controller to specify a Controller and a Controller Backup from the WildFire appliance nodes that belong to the cluster. The current Controller node and backup Controller node are selected by default. The backup Controller node can’t be the same node as the primary Controller node. |
Communication tab | |
Customize Secure Server Communication | |
Secure Client Communication | Using Secure Client Communication ensures that WildFire uses configured custom certificates (instead of the default predefined certificate) to authenticate SSL connections with another WildFire appliance. |
Secure Cluster Communication | Select Enable to encrypt communications between WildFire appliances. The default certificate uses the predefined certificate type. To use a user-defined custom certificate, you must configure Customize Secure Server Communication and enable Custom Certificate Only. |
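
The constraints stated in the table (the Register Firewall To format, the Environment Networking prerequisite, the 20-appliance limit, and the Controller rules) can be checked against a planned configuration before you commit on Panorama. The following Python is an added example, not Palo Alto Networks code; the plan dictionary, its key names, and the function names are assumptions made for illustration and do not correspond to Panorama configuration keys.

```python
import re

# Constructed plan format: the dict keys used below are assumptions of this example.
REGISTER_RE = re.compile(r"^wfpc\.service\.([a-z0-9-]+)\.([a-z0-9-]+(?:\.[a-z0-9-]+)+)$", re.I)
MAX_NODES = 20  # the table allows up to 20 WildFire appliances per cluster

def assign_roles(nodes):
    """Roles by add order: first Controller, second Controller Backup, rest Worker."""
    fixed = ["Controller", "Controller Backup"]
    return {n: (fixed[i] if i < 2 else "Worker") for i, n in enumerate(nodes)}

def can_remove(roles, node):
    """A Controller node may be removed only if the cluster has two Controller nodes."""
    if roles[node] == "Worker":
        return True
    return sum(r != "Worker" for r in roles.values()) == 2

def check_plan(plan):
    """Return findings for settings that contradict the rules in the table."""
    out = []
    m = REGISTER_RE.match(plan.get("register_firewall_to", ""))
    if not m:
        out.append("register_firewall_to: expected wfpc.service.<cluster-name>.<domain>")
    elif m.group(1).lower() != plan.get("name", "").lower():
        out.append("register_firewall_to: cluster label differs from cluster name")
    if plan.get("anonymous_networking") and not plan.get("environment_networking"):
        out.append("anonymous_networking: requires environment_networking")
    nodes = plan.get("nodes", [])
    if len(nodes) > MAX_NODES:
        out.append(f"nodes: {len(nodes)} exceeds the {MAX_NODES}-appliance limit")
    ctrl, backup = plan.get("controller"), plan.get("controller_backup")
    if ctrl is not None and ctrl == backup:
        out.append("controller_backup: cannot be the same node as the controller")
    for role, node in (("controller", ctrl), ("controller_backup", backup)):
        if node is not None and node not in nodes:
            out.append(f"{role}: {node} is not a node of this cluster")
    if not plan.get("check_server_identity"):
        out.append("check_server_identity: off, update server certificate CN is not verified")
    if not plan.get("secure_cluster_communication"):
        out.append("secure_cluster_communication: off, inter-appliance traffic is not encrypted")
    return out

# Constructed sample plan with several deliberate mistakes.
SAMPLE = {"name": "mycluster", "register_firewall_to": "wildfire.mycluster.example.com",
          "environment_networking": False, "anonymous_networking": True,
          "nodes": ["wf-a", "wf-b", "wf-c"], "controller": "wf-a", "controller_backup": "wf-a",
          "check_server_identity": True, "secure_cluster_communication": False}
```

Calling check_plan(SAMPLE) returns one finding per violated rule; an empty list means the plan is consistent with the constraints listed in the table.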