Enable Free WildFire Forwarding
WildFire is a cloud-based virtual environment
that analyzes and executes unknown samples (files and email links)
and determines the samples to be malicious, phishing, grayware,
or benign. With WildFire enabled, a Palo Alto Networks firewall
can forward unknown samples to WildFire for analysis. For newly-discovered
malware, WildFire generates a signature to detect the malware and
distributes it to all firewalls with an active WildFire subscription
within minutes. This enables all Palo Alto next-generation firewalls
worldwide to detect and prevent malware found by a single firewall.
Malware signatures often match multiple variants of the same malware
family, and as such, block new malware variants that the firewall
has never seen before. The Palo Alto Networks threat research team
uses the threat intelligence gathered from malware variants to block
malicious IP addresses, domains, and URLs.
A basic WildFire
service is included as part of the Palo Alto Networks next-generation
firewall and does not require a WildFire subscription. With the
basic WildFire service, you can enable the firewall to forward portable
executable (PE) files. Additionally, if you do not have a WildFire
subscription, but you do have a Threat Prevention subscription,
you can receive signatures for malware WildFire identifies every
24-48 hours (as part of the Antivirus updates).
Beyond the
basic WildFire service, a WildFire subscription is required
for the firewall to:
- Get the latest WildFire signatures within a minute of availability—new signatures are released every five minutes.
- Forward advanced file types and email links for analysis.
- Use the WildFire API.
- Use a WildFire appliance to host a WildFire private cloud or a WildFire hybrid cloud.
If you have a WildFire
subscription, go ahead and get started with WildFire to
get the most out of your subscription. Otherwise, take the following steps
to enable basic WildFire forwarding:
- Confirm that your firewall is registered and that you have a valid support account as well as any subscriptions you require.
  - Log in to the Palo Alto Networks Customer Support Portal (CSP) and on the left-hand side navigation pane, select Assets > Devices.
  - Verify that the firewall is listed. If it is not listed, select Register New Device and continue to Register the Firewall.
  - (Optional) If you have a Threat Prevention subscription, be sure to Activate Subscription Licenses.
- Log in to the firewall and configure WildFire forwarding settings.
  - Select Device > Setup > WildFire and edit the General Settings.
  - Set the WildFire Public Cloud field to forward files to the WildFire global cloud at: wildfire.paloaltonetworks.com. You can also forward files to a regional cloud or a private cloud based on your location and your organizational requirements.
  - Review the File Size Limits for PEs the firewall forwards for WildFire analysis. As a WildFire best practice, set the Size Limit for PEs to the maximum available limit of 10 MB.
  - Click OK to save your changes.
- Enable the firewall to forward PEs for analysis.
  - Select Objects > Security Profiles > WildFire Analysis and Add a new profile rule.
  - Name the new profile rule.
  - Add a forwarding rule and enter a Name for it.
  - In the File Types column, add pe files to the forwarding rule.
  - In the Analysis column, select public-cloud to forward PEs to the WildFire public cloud.
  - Click OK.
- Apply the new WildFire Analysis profile to traffic that the firewall allows.
  - Select Policies > Security and either select an existing policy rule or create a new policy rule as described in Set Up a Basic Security Policy.
  - Select Actions and in the Profile Settings section, set the Profile Type to Profiles.
  - Select the WildFire Analysis profile you just created to apply that profile rule to all traffic this policy rule allows.
  - Click OK.
- Enable the firewall to forward decrypted SSL traffic for WildFire analysis.
- Review and implement WildFire best practices to ensure that you are getting the most of WildFire detection and prevention capabilities.
- Commit your configuration updates.
- Verify that the firewall is forwarding PE files to the WildFire public cloud. Select Monitor > Logs > WildFire Submissions to view log entries for PEs the firewall successfully submitted for WildFire analysis. The Verdict column displays whether WildFire found the PE to be malicious, grayware, or benign. (WildFire only assigns the phishing verdict to email links.) The Action column indicates whether the firewall allowed or blocked the sample. The Severity column indicates how much of a threat a sample poses to an organization using the following values: critical, high, medium, low, information.
- (Threat Prevention subscription only) If you have a Threat Prevention subscription, but do not have a WildFire subscription, you can still receive WildFire signature updates every 24-48 hours.
  - Select Device > Dynamic Updates.
  - Check that the firewall is scheduled to download and install Antivirus updates.
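
To check the result of the profile and policy steps above across a whole rulebase, the following added example (not Palo Alto Networks code) lists every allow rule that has no directly attached WildFire Analysis profile forwarding pe files to public-cloud. The element layout is an assumption modeled on a PAN-OS XML configuration export, the sample configuration is constructed, and rules that attach profiles through a profile group are not resolved and are reported as gaps.

```python
import xml.etree.ElementTree as ET

# Constructed sample, shaped like a PAN-OS XML config export (assumed layout).
SAMPLE_CONFIG = """
<config><devices><entry name="localhost.localdomain"><vsys><entry name="vsys1">
 <profiles><wildfire-analysis>
  <entry name="wf-basic"><rules><entry name="fwd-pe"><file-type><member>pe</member>
   </file-type><analysis>public-cloud</analysis></entry></rules></entry>
  <entry name="wf-pdf-only"><rules><entry name="fwd-pdf"><file-type><member>pdf</member>
   </file-type><analysis>public-cloud</analysis></entry></rules></entry>
 </wildfire-analysis></profiles>
 <rulebase><security><rules>
  <entry name="allow-web"><action>allow</action><profile-setting><profiles>
   <wildfire-analysis><member>wf-basic</member></wildfire-analysis>
  </profiles></profile-setting></entry>
  <entry name="allow-mail"><action>allow</action><profile-setting><profiles>
   <wildfire-analysis><member>wf-pdf-only</member></wildfire-analysis>
  </profiles></profile-setting></entry>
  <entry name="allow-dns"><action>allow</action></entry>
  <entry name="deny-all"><action>deny</action></entry>
 </rules></security></rulebase>
</entry></vsys></entry></devices></config>
"""

def pe_forwarding_profiles(vsys):
    """Names of WildFire Analysis profiles with a rule sending PEs to public-cloud."""
    names = set()
    for prof in vsys.findall("./profiles/wildfire-analysis/entry"):
        for rule in prof.findall("./rules/entry"):
            types = {m.text for m in rule.findall("./file-type/member")}
            if types & {"pe", "any"} and rule.findtext("analysis") == "public-cloud":
                names.add(prof.get("name"))
    return names

def rules_without_pe_forwarding(xml_text):
    """Allow rules with no directly attached profile that forwards PEs."""
    gaps = []
    for vsys in ET.fromstring(xml_text).findall(".//vsys/entry"):
        ok = pe_forwarding_profiles(vsys)
        for rule in vsys.findall("./rulebase/security/rules/entry"):
            attached = {m.text for m in rule.findall(
                "./profile-setting/profiles/wildfire-analysis/member")}
            if rule.findtext("action") == "allow" and not attached & ok:
                gaps.append(rule.get("name"))
    return gaps

if __name__ == "__main__":
    print(rules_without_pe_forwarding(SAMPLE_CONFIG))
```
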