For deployments with privacy and legal regulations
that restrict the transfer of files outside your network, you can
set up your ESM to integrate with a private WildFire cloud. To set
up the private cloud, you must install an on-premise WF-500 appliance.
This appliance supports up to 40,000 Traps agents.
an unknown file attempts to run on your endpoints, the WF-500 appliance
queries the WildFire public cloud to obtain the verdict and analyzes
the executable file in the local private sandbox. By default, the
WF-500 appliance does not send discovered malware outside your network,
however, you can choose to automatically forward malware to the
WildFire public cloud to generate and distribute signatures to all
Palo Alto Networks firewalls with Threat Prevention and WildFire
licenses. Otherwise, the WF-500 appliance only forwards the malware
report (and not the sample itself) to the WildFire public cloud.
enable the ESM Server to verify and trust the identity of the WF-500
appliance, you obtain the WF-500 Root CA certificate from Support
and import it on each ESM Server.
To integrate a WF-500 application
in with your ESM deployment, use the following workflow:
On each ESM Server, import the WF-500 Root CA
certificate (Palo Alto Networks Root CA 1) into the Trusted Root
Contact Support to obtain the WF-500 Root CA certificate
and save it to a location you can access from the ESM Server.
On the ESM Server, open the Microsoft Management Console
add the Certificates snap-in for the Computer account.
, and then click
Certificates (Local Computer)
Trusted Root Certification
and then select
Browse to the certificate you saved in the previous
step and then click
. The certificate
import wizard displays details about the Trusted Root CA certificate.
Configure WildFire Integration in the ESM Console.