Get Started with Advanced WildFire
Focus
Focus
Advanced WildFire

Get Started with Advanced WildFire

Table of Contents

Get Started with Advanced WildFire

Where Can I Use This?
What Do I Need?
  • Prisma Access (Cloud Management)
  • Prisma Access (Panorama Managed)
  • NGFW (Cloud Managed)
  • NGFW (PAN-OS or Panorama Managed)
  • VM-Series
  • CN-Series
  • Advanced WildFire License
    For
    Prisma Access
    , this is usually included with your
    Prisma Access
    license.
The following steps provide a quick workflow to get started with Advanced WildFire™ on the firewall. If you’d like to learn more about Advanced WildFire before getting started, take a look at the Advanced WildFire Overview and review the Advanced WildFire Best Practices.
For information about using the WildFire private cloud or hybrid cloud, refer to the WildFire Appliance administration.
I you are using Advanced WildFire on
Prisma Access
, familiarize yourself with the product before configuring your WildFire Analysis Security Profile to Forward Files for Advanced WildFire Analysis.
  1. Get your Advanced WildFire or WildFire subscription. If you do not have a subscription, you can still forward PEs for WildFire analysis.
  2. Decide which of the Advanced WildFire Deployments works for you:
    • Advanced WildFire Public Cloud—Forward samples to a Palo Alto Networks-hosted Advanced WildFire public cloud.
    • WildFire U.S. Government cloud—Forward samples to a Palo Alto Networks-hosted WildFire U.S. Government cloud.
    If you are deploying a WildFire private or hybrid cloud, refer to the WildFire Appliance administration.
  3. Confirm your license is active on the firewall.
    1. Log in to the firewall.
    2. Select
      Device
      Licenses
      and check that the WildFire License is active.
      If the WildFire License is not displayed, select one of the License Management options to activate the license.
  4. Connect the firewall to WildFire and configure WildFire settings.
    1. Select
      Device
      Setup
      WildFire
      and edit General Settings.
    2. Use
      WildFire Public Cloud
      field to forward samples to the Advanced WildFire public cloud.
    3. It is a Advanced WildFire Best Practices to set the
      File Size
      for PEs to the maximum size limit of 10 MB, and to leave the
      File Size
      for all other file types set to the default value.
    4. Click
      OK
      to save the WildFire General Settings.
  5. Start submitting samples for analysis.
    1. Define traffic to forward for WildFire analysis. (Select
      Objects
      Security Profiles
      WildFire Analysis
      and modify or
      Add
      a WildFire Analysis profile).
      As a best practice, use the WildFire Analysis default profile to ensure complete coverage for traffic the firewall allows. If you still decide to create a custom WildFire Analysis profile, set the profile to forward
      Any
      file type—this enables the firewall to automatically start forwarding newly-supported file types for analysis.
    2. For each profile rule, set
      public-cloud
      as the
      Destination
      to forward samples to the Advanced WildFire cloud for analysis.
    3. Attach the WildFire analysis profile to a security policy rule. Traffic matched to the policy rule is forwarded for WildFire analysis (
      Policies
      Security
      and
      Add
      or modify a security policy rule).
  6. Enable the firewall to get the latest Advanced WildFire signatures.
    New Advanced WildFire signatures are retrieved in real-time to detect and identify malware. If you are operating PAN-OS 9.1 or earlier, you can receive new signatures every five minutes.
    • PAN-OS 9.1 and earlier
      1. Select
        Device
        Dynamic Updates
        :
        • Check that
          WildFire
          updates are displayed.
        • Select
          Check Now
          to retrieve the latest signature update packages.
      2. Set the
        Schedule
        to download and install the latest Advanced WildFire signatures.
      3. Use the
        Recurrence
        field to set the frequency at which the firewall checks for new updates to
        Every Minute
        .
        As new WildFire signatures are available every five minutes, this setting ensures the firewall retrieves these signatures within a minute of availability.
      4. Enable the firewall to
        Download and Install
        these updates as the firewall retrieves them.
      5. Click
        OK
        .
    • PAN-OS 10.0 and later
      1. Select
        Device
        Dynamic Updates
        :
      2. Check that the
        WildFire
        updates are displayed.
      3. Select Schedule to configure the update frequency and then use the
        Recurrence
        field to configure the firewall to retrieve WildFire signatures in
        Real-time
        .
      4. Click
        OK
        .
  7. Start scanning traffic for threats, including malware that Advanced WildFire identifies.
    Attach the
    default
    Antivirus profile to a security policy rule to scan traffic the rules allows based on WildFire antivirus signatures (select
    Policies
    Security
    and add or a modify the defined
    Actions
    for a rule).
  8. Control site access to web sites where Advanced WildFire has identified the associated link as malicious or phishing.
    This option requires a PAN-DB URL Filtering license. Learn more about URL Filtering and how it enables you to control web site access and corporate credential submissions (to prevent phishing attempts) based on URL category.
    To configure URL Filtering:
    1. Select
      Objects
      Security Profiles
      URL Filtering
      and
      Add
      or modify a URL Filtering profile.
    2. Select
      Categories
      and define
      Site Access
      for the phishing and malicious URL categories.
    3. Block
      users from accessing sites in these categories altogether, or instead, allow access but generate an
      Alert
      when users access sites in these categories, to ensure you have visibility into such events.
    4. Enable credential phishing prevention to stop users from submitting credentials to untrusted sites, without blocking their access to these sites.
    5. Apply the new or updated URL Filtering profile, and attach it to a security policy rule to apply the profile settings to allowed traffic:
      1. Select
        Policies
        Security
        and
        Add
        or modify a security policy rule.
      2. Select
        Actions
        and in the Profile Setting section, set the
        Profile Type
        to profiles.
      3. Attach the new or updated
        URL Filtering
        profile to the security policy rule.
      4. Click
        OK
        to save the security policy rule.
  9. Confirm that the firewall is successfully forwarding samples.
    • If you enabled logging of benign files, select
      Monitor
      WildFire Submissions
      and check that entries are being logged for benign files submitted for analysis. (If you’d like to disable logging of benign files after confirming that the firewall is connected to a WildFire cloud, select
      Device
      Setup
      WildFire
      and clear
      Report Benign Files
      ).
    • Other options to allow you to confirm that the firewall forwarded a specific sample, view samples the firewall forwards according to file type, and to view the total number of samples the firewall forwards.
    • Test a Sample Malware File to test your complete WildFire configuration.
  10. Next step:
    Review and implement Advanced WildFire Best Practices.

Recommended For You