Connect the Firewall to the WildFire Appliance VM Interface
The following example workflow describes how to connect the VM interface to a port on a Palo Alto Networks firewall. Before connecting the VM interface to the firewall, the firewall must already have an Untrust zone connected to the Internet. In this example, you configure a new zone named wf-vm-zone that will contain the interface used to connect the VM interface on the appliance to the firewall. The policy associated with the wf-vm-zone will only allow communication from the VM interface to the Untrust zone.
- Configure the interface on the firewall that the VM interface will connect to and set the virtual router.The wf-vm-zone should only contain the interface (ethernet1/3 in this example) used to connect the VM interface on the appliance to the firewall. This is done to avoid having any traffic generated by the malware from reaching other networks.
- From the web interface on the firewall, selectand then select an interface, for exampleNetworkInterfacesEthernet1/3.
- In theInterface Typedrop-down, selectLayer3.
- On theConfigtab, from theSecurity Zonedrop-down box, selectNew Zone.
- In the Zone dialogNamefield, enter wf-vm-zone and clickOK.
- In theVirtual Routerdrop-down box, selectdefault.
- To assign an IP address to the interface, select theIPv4tab, clickAddin the IP section, and enter the IP address and network mask to assign to the interface, for example 10.16.0.0/22.
- To save the interface configuration, clickOK.
- Create a security policy on the firewall to allow access from the VM interface to the Internet and block all incoming traffic. In this example, the policy name is WildFire VM Interface. Because you will not create a security policy from the Untrust zone to the wf-vm-interface zone, all inbound traffic is blocked by default.
- Selectand clickPoliciesSecurityAdd
- In theGeneraltab, enter aName.
- In theSourcetab, set theSource Zonetowf-vm-zone.
- In theDestinationtab, set theDestination ZonetoUntrust.
- In theApplicationandService/ URL Categorytabs, leave the default asAny.
- In theActionstab, set theAction SettingtoAllow.
- UnderLog Setting, select theLog at Session Endcheck box.If there are concerns that someone might inadvertently add other interfaces to the wf-vm-zone, clone the WildFire VM Interface security policy and then in theActiontab for the cloned rule, selectDeny. Make sure this new security policy is listed below the WildFire VM interface policy. This will override the implicit intra-zone allow rule that allows communications between interfaces in the same zone and will deny/block all intra-zone communication.
- Connect the cables.Physically connect the VM interface on the WildFire appliance to the port you configured on the firewall (Ethernet 1/3 in this example) using a straight through RJ-45 cable. The VM interface is labeled1on the back of the appliance.
Recommended For You
Recommended videos not found.