End-of-Life (EoL)

Connect the Firewall to the WildFire Appliance VM Interface

The following example workflow describes how to connect the VM interface to a port on a Palo Alto Networks firewall. Before connecting the VM interface to the firewall, the firewall must already have an Untrust zone connected to the Internet. In this example, you configure a new zone named wf-vm-zone that will contain the interface used to connect the VM interface on the appliance to the firewall. The policy associated with the wf-vm-zone will only allow communication from the VM interface to the Untrust zone.
  1. Configure the interface on the firewall that the VM interface will connect to and set the virtual router.
    The wf-vm-zone should only contain the interface (ethernet1/3 in this example) used to connect the VM interface on the appliance to the firewall. This is done to avoid having any traffic generated by the malware from reaching other networks.
    1. From the web interface on the firewall, select
      Network
      Interfaces
      and then select an interface, for example
      Ethernet1/3
      .
    2. In the
      Interface Type
      drop-down, select
      Layer3
      .
    3. On the
      Config
      tab, from the
      Security Zone
      drop-down box, select
      New Zone
      .
    4. In the Zone dialog
      Name
      field, enter wf-vm-zone and click
      OK
      .
    5. In the
      Virtual Router
      drop-down box, select
      default
      .
    6. To assign an IP address to the interface, select the
      IPv4
      tab, click
      Add
      in the IP section, and enter the IP address and network mask to assign to the interface, for example 10.16.0.0/22.
    7. To save the interface configuration, click
      OK
      .
  2. Create a security policy on the firewall to allow access from the VM interface to the Internet and block all incoming traffic. In this example, the policy name is WildFire VM Interface. Because you will not create a security policy from the Untrust zone to the wf-vm-interface zone, all inbound traffic is blocked by default.
    1. Select
      Policies
      Security
      and click
      Add
    2. In the
      General
      tab, enter a
      Name
      .
    3. In the
      Source
      tab, set the
      Source Zone
      to
      wf-vm-zone
      .
    4. In the
      Destination
      tab, set the
      Destination Zone
      to
      Untrust
      .
    5. In the
      Application
      and
      Service/ URL Category
      tabs, leave the default as
      Any
      .
    6. In the
      Actions
      tab, set the
      Action Setting
      to
      Allow
      .
    7. Under
      Log Setting
      , select the
      Log at Session End
      check box.
      If there are concerns that someone might inadvertently add other interfaces to the wf-vm-zone, clone the WildFire VM Interface security policy and then in the
      Action
      tab for the cloned rule, select
      Deny
      . Make sure this new security policy is listed below the WildFire VM interface policy. This will override the implicit intra-zone allow rule that allows communications between interfaces in the same zone and will deny/block all intra-zone communication.
  3. Connect the cables.
    Physically connect the VM interface on the WildFire appliance to the port you configured on the firewall (Ethernet 1/3 in this example) using a straight through RJ-45 cable. The VM interface is labeled
    1
    on the back of the appliance.

Recommended For You