Enable Local Signature and URL Category Generation
The WildFire appliance can generate signatures locally based on the samples received from connected firewalls and the WildFire API, as an alternative to sending malware to the public cloud for signature generation. The appliance can generate the following types of signatures for the firewalls to use to block malware and any associated command and control traffic:
- Antivirus signatures—Detect and block malicious files. WildFire adds these signatures to WildFire and Antivirus content updates.
- DNS signatures—Detect and block callback domains for command and control traffic associated with malware. WildFire adds these signatures to WildFire and Antivirus content updates.
- URL categories—Categorize callback domains as malware and update the URL category in PAN-DB.
Configure the firewalls to retrieve the signatures generated by the WildFire appliance as frequently as every five minutes. You can also send the malware sample to the WildFire public cloud, in order to enable the signature to be distributed globally through Palo Alto Networks content releases.
- Set Up WildFire Appliance Content Updates. This allows the WildFire appliance to receive the latest threat intelligence from Palo Alto Networks.
- Enable signature and URL category generation.
  - Log in to the appliance and type configure to enter configuration mode.
  - Enable all threat prevention options:
    admin@WF-500# set deviceconfig setting wildfire signature-generation av yes dns yes url yes
  - Commit the configuration:
    admin@WF-500# commit
    You can display the status of a signature for signatures generated in the WildFire 8.0.1 or later environment using the command:
    admin@WF-500# show wildfire global signature-status sha256 equal <sha-256 value>
    WildFire appliances cannot display the status for signatures generated before the upgrade to WildFire 8.0.1.
- Set the schedule for connected firewalls to retrieve the signatures and URL categories the WildFire appliance generates.
  It is a best practice to configure your firewalls to retrieve content updates from both the WildFire public cloud and WildFire appliance. This ensures that your firewalls receive signatures based on threats detected worldwide, in addition to the signatures generated by the local appliance.
  - For multiple firewalls managed by Panorama:
    Launch Panorama and select Panorama > Device Deployment > Dynamic Updates, click Schedules, and Add scheduled content updates for managed devices.
    For details on using Panorama to set up managed firewalls to receive signatures and URL categories from a WildFire appliance, see Schedule Content Updates to Devices Using Panorama.
  - For a single firewall:
    - Log in to the firewall web interface and select Device > Dynamic Updates.
      For firewalls configured to forward files to a WildFire appliance (in either a WildFire private cloud or hybrid cloud deployment), the WF-Private section is displayed.
    - Set the Schedule for the firewall to download and install content updates from the WildFire appliance.
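
A configuration check for the signature-generation step, added here as an example (not Palo Alto Networks code): it audits set-format configuration text for the `signature-generation` command shown on this page and builds the signature-status command from a validated SHA-256. The sample input is constructed, and accepting one-setting-per-line variants of the command is an assumption.

```python
import re

# Prefix of the command shown in the procedure on this page.
PREFIX = "set deviceconfig setting wildfire signature-generation"
TYPES = ("av", "dns", "url")

def audit_signature_generation(config_text):
    """Return {type: 'yes' | 'no' | 'unset'} for av, dns and url.

    Accepts the combined form used on this page and (assumption)
    one-setting-per-line variants; a later line overrides an earlier one.
    """
    state = {t: "unset" for t in TYPES}
    for raw in config_text.splitlines():
        # Drop an optional CLI prompt such as "admin@WF-500# ".
        line = re.sub(r"^\s*\S+@\S+[#>]\s*", "", raw).strip()
        if not line.startswith(PREFIX + " "):
            continue
        tokens = line[len(PREFIX):].split()
        # Tokens come in "<type> <yes|no>" pairs.
        for key, value in zip(tokens[0::2], tokens[1::2]):
            if key in state and value in ("yes", "no"):
                state[key] = value
    return state

def disabled_types(config_text):
    """List the signature types that are not explicitly enabled."""
    state = audit_signature_generation(config_text)
    return [t for t in TYPES if state[t] != "yes"]

def status_command(sha256):
    """Build the signature-status command for a validated SHA-256 value."""
    digest = sha256.strip().lower()
    if not re.fullmatch(r"[0-9a-f]{64}", digest):
        raise ValueError("expected 64 hex characters")
    return f"show wildfire global signature-status sha256 equal {digest}"

# Constructed sample input, not output captured from a real appliance.
SAMPLE_OK = ("admin@WF-500# set deviceconfig setting wildfire "
             "signature-generation av yes dns yes url yes")
SAMPLE_PARTIAL = """\
set deviceconfig setting wildfire signature-generation av yes
set deviceconfig setting wildfire signature-generation dns no
"""

if __name__ == "__main__":
    print(audit_signature_generation(SAMPLE_OK))
    print("not enabled:", disabled_types(SAMPLE_PARTIAL))
```

A type reported as `unset` was never mentioned in the text; the check makes no claim about the appliance's default for it.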