1. Home
    2. WildFire
    3. WildFire Administrator's Guide
    4. Set Up and Manage a WildFire Appliance
    5. Set Up the WildFire Appliance VM Interface
    6. Connect the Firewall to the WildFire Appliance VM Interface

    Connect the Firewall to the WildFire Appliance VM Interface

    The following example workflow describes how to connect the VM interface to a port on a Palo Alto Networks firewall. Before connecting the VM interface to the firewall, the firewall must already have an Untrust zone connected to the Internet. In this example, you configure a new zone named wf-vm-zone that will contain the interface used to connect the VM interface on the appliance to the firewall. The policy associated with the wf-vm-zone will only allow communication from the VM interface to the Untrust zone.
    1. Configure the interface on the firewall that the VM interface will connect to and set the virtual router.
      The wf-vm-zone should only contain the interface (ethernet1/3 in this example) used to connect the VM interface on the appliance to the firewall. This is done to avoid having any traffic generated by the malware from reaching other networks.
      1. From the web interface on the firewall, select
        Network
        Interfaces
         and then select an interface, for example
        Ethernet1/3
        .
      2. In the
        Interface Type
         drop-down, select
        Layer3
        .
      3. On the
        Config
         tab, from the
        Security Zone
         drop-down box, select
        New Zone
        .
      4. In the Zone dialog
        Name
         field, enter wf-vm-zone and click
        OK
        .
      5. In the
        Virtual Router
         drop-down box, select
        default
        .
      6. To assign an IP address to the interface, select the
        IPv4
         tab, click
        Add
         in the IP section, and enter the IP address and network mask to assign to the interface, for example 10.16.0.0/22.
      7. To save the interface configuration, click
        OK
        .
    2. Create a security policy on the firewall to allow access from the VM interface to the Internet and block all incoming traffic. In this example, the policy name is WildFire VM Interface. Because you will not create a security policy from the Untrust zone to the wf-vm-interface zone, all inbound traffic is blocked by default.
      1. Select
        Policies
        Security
         and click
        Add
      2. In the
        General
         tab, enter a
        Name
        .
      3. In the
        Source
         tab, set the
        Source Zone
         to
        wf-vm-zone
        .
      4. In the
        Destination
         tab, set the
        Destination Zone
         to
        Untrust
        .
      5. In the
        Application
         and
        Service/URL Category
         tabs, leave the default as
        Any
        .
      6. In the
        Actions
         tab, set the
        Action Setting
         to
        Allow
        .
      7. Under
        Log Setting
        , select the
        Log at Session End
         check box.
        If there are concerns that someone might inadvertently add other interfaces to the wf-vm-zone, clone the WildFire VM Interface security policy and then in the
        Action
         tab for the cloned rule, select
        Deny
        . Make sure this new security policy is listed below the WildFire VM interface policy. This will override the implicit intra-zone allow rule that allows communications between interfaces in the same zone and will deny/block all intra-zone communication.
    3. Connect the cables.
      Physically connect the VM interface on the WildFire appliance to the port you configured on the firewall (Ethernet 1/3 in this example) using a straight through RJ-45 cable. The VM interface is labeled
      1
       on the back of the appliance.

    Recommended For You

    Recommended Videos

    Recommended videos not found.

    © 2023 Palo Alto Networks, Inc. All rights reserved.

    Techdocs Logo