End-of-Life (EoL)
Description
Configure WildFire settings on the WF-500 appliance. You can configure forwarding of malicious files, define the cloud server that receives malware-infected files, and enable or disable the vm-interface.
Hierarchy Location
set deviceconfig setting
Syntax
wildfire {
active-vm;
cloud-server <value>;
vm-network-enable {no | yes};
vm-network-use-tor {enable | disable};
cloud-intelligence {
submit-report {no | yes};
submit-sample {no | yes};
signature-generation {
av {no | yes};
dns {no | yes};
url {no | yes};
}
}
}
Options
+ active-vm — Select the virtual machine environment that WildFire will use for sample analysis. Each VM has a different configuration, such as Windows XP, specific versions of Flash, Adobe Reader, etc. To view which VM is selected, run the following command: show wildfire status and view the Selected VM field. To view the VM environment information, run the following command: show wildfire vm-images.
+ cloud-server — Hostname of the cloud server to which the appliance forwards malicious samples/reports for re-analysis. The default cloud server is wildfire-public-cloud. To configure forwarding, use the following command: set deviceconfig setting wildfire cloud-intelligence.
+ vm-network-enable — Enable or disable the vm-network. When enabled, sample files running in the virtual machine sandbox can access the Internet. This helps WildFire better analyze the behavior of the malware to look for things like phone-home activity.
+ vm-network-use-tor — Enable or disable the Tor network for the vm-interface. When this option is enabled, any malicious traffic coming from the sandbox systems on the WF-500 appliance during sample analysis is sent through the Tor network. The Tor network will mask your public-facing IP address, so the owners of the malicious site cannot determine the source of the traffic.
+ cloud-intelligence — Configure the appliance to submit WildFire reports or samples to the Palo Alto Networks WildFire cloud. The submit-report option will send reports for malicious samples to the cloud for statistical gathering. The submit-sample option will send malicious samples to the cloud. If submit-sample is enabled, there is no need to enable submit-report because the sample is re-analyzed in the cloud and a new report and signature are generated if the sample is malicious.
+ signature-generation — Enable the appliance to generate signatures locally, eliminating the need to send any data to the public cloud in order to block malicious content. The WF-500 appliance will analyze files forwarded to it from Palo Alto Networks firewalls or from the WildFire API and generate antivirus and DNS signatures that block both the malicious files as well as associated command and control traffic. When the appliance detects a malicious URL, it sends the URL to PAN-DB and PAN-DB assigns it the malware category.
Sample Output
The following shows an example output of the WildFire settings.
admin@WF-500# show deviceconfig setting wildfire
wildfire {
active-vm vm-5;
cloud-intelligence {
submit-sample yes;
submit-report no;
}
cloud-server wildfire-public-cloud;
signature-generation {
av yes;
dns yes;
url yes;
}
}
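The option descriptions above imply a few things worth checking when reviewing an appliance: whether samples leave the appliance, whether submit-report is redundant, whether sandbox traffic goes out from your own public IP, and whether local signature generation is fully on. The following Python is an added example, not part of the original reference or any vendor tooling; it parses output in the format shown above and reports those conditions. The sample text, its vm-network values and the finding strings are constructed for illustration.

```python
# Constructed sample in the `show deviceconfig setting wildfire` format (values illustrative).
SAMPLE = """wildfire {
active-vm vm-5;
vm-network-enable yes;
vm-network-use-tor disable;
cloud-intelligence {
submit-sample yes;
submit-report yes;
}
cloud-server wildfire-public-cloud;
signature-generation {
av yes;
dns yes;
url no;
}
}"""

def parse_config(text):
    """Parse the brace-delimited CLI output into nested dicts."""
    stack = [{}]  # stack[0] is the root, stack[-1] the block being filled
    for line in filter(None, (raw.strip() for raw in text.splitlines())):
        if line.endswith("{"):
            stack.append(stack[-1].setdefault(line[:-1].strip(), {}))
        elif line == "}" and len(stack) > 1:
            stack.pop()
        elif line.endswith(";"):
            key, _, value = line[:-1].partition(" ")
            stack[-1][key] = value.strip()
        else:
            raise ValueError(f"unexpected line: {line!r}")
    if len(stack) != 1:
        raise ValueError("unclosed '{'")
    return stack[0]

def audit(cfg):
    """Findings that follow from the option descriptions on this page."""
    wf = cfg.get("wildfire", {})
    ci, sg = wf.get("cloud-intelligence", {}), wf.get("signature-generation", {})
    out = []
    if ci.get("submit-sample") == "yes":
        out.append("samples sent to cloud")
        if ci.get("submit-report") == "yes":
            out.append("submit-report redundant with submit-sample")
    if wf.get("vm-network-enable") == "yes" and wf.get("vm-network-use-tor") != "enable":
        out.append("sandbox traffic leaves from own public IP")
    out += [f"local {k} signatures disabled" for k in ("av", "dns", "url") if sg.get(k) != "yes"]
    return out

if __name__ == "__main__":
    print("\n".join(audit(parse_config(SAMPLE))))
```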
Required Privilege Level
superuser, deviceadmin
