Get Started with WildFire
The following steps provide a quick workflow to get started with WildFire™. If you’d like to learn more about WildFire before getting started, take a look at the WildFire Overview and review the WildFire Best Practices.
- Get your WildFire Subscription. If you do not have a WildFire subscription, you can still forward PEs for WildFire analysis (PAN-OS 9.1, 10.0, 10.1, 10.2).
- Decide which of the WildFire Deployments works for you:
- WildFire Public Cloud—Forward samples to a Palo Alto Networks-hosted WildFire public cloud.
- WildFire U.S. Government cloud—Forward samples to a Palo Alto Networks-hosted WildFire U.S. Government cloud.
- WildFire Private Cloud—(Requires a WildFire appliance) Forward samples to a local WildFire appliance that resides on your network.
- WildFire Hybrid Cloud—(Requires a WildFire appliance) Forward some samples to the WildFire public cloud and some samples to a WildFire private cloud.
- Confirm your WildFire license is active on the firewall.
- Log in to the firewall.
- Selectand check that the WildFire License is active.DeviceLicensesIf the WildFire License is not displayed, select one of the License Management options to activate the license.
- Connect the firewall to WildFire and configure WildFire settings.
- Selectand edit General Settings.DeviceSetupWildFire
- It is a recommended WildFire best practice to set theFile Sizefor PEs to the maximum size limit of 10 MB, and to leave theFile Sizefor all other file types set to the default value.
- ClickOKto save the WildFire General Settings.
- Start submitting samples for WildFire analysis.
- As a best practice, use the WildFire Analysis default profile to ensure complete WildFire coverage for traffic the firewall allows. If you still decide to create a custom WildFire Analysis profile, set the profile to forwardAnyfile type—this enables the firewall to automatically start forwarding newly-supported file types for analysis.
- For each profile rule, set the WildFire DeploymentsDestinationto which you want the firewall to forward samples for analysis—public-cloudor theprivate-cloud.
- Enable the firewall to get the latest WildFire signatures.New WildFire signatures are retrieved in real-time to detect and identify malware. If you are operating PAN-OS 9.1 or earlier, you can receive new signatures every five minutes.
- PAN-OS 9.1 and earlier
- Select:DeviceDynamic Updates
- (WildFire public and hybrid cloud) Check thatWildFireupdates are displayed.
- SelectCheck Nowto retrieve the latest signature update packages.
- Set theScheduleto download and install the latest WildFire signatures.
- Use theRecurrencefield to set the frequency at which the firewall checks for new updates toEvery Minute.As new WildFire signatures are available every five minutes, this setting ensures the firewall retrieves these signatures within a minute of availability.
- Enable the firewall toDownload and Installthese updates as the firewall retrieves them.
- PAN-OS 10.0 and later
- Select:DeviceDynamic Updates
- Check that theWildFireupdates are displayed.
- Select Schedule to configure the update frequency and then use theRecurrencefield to configure the firewall to retrieve WildFire signatures inReal-time.
- Attach thedefaultAntivirus profile to a security policy rule to scan traffic the rules allows based on WildFire antivirus signatures (selectand add or a modify the definedPoliciesSecurityActionsfor a rule).
- Control site access to web sites where WildFire has identified the associated link as malicious or phishing.
- SelectandObjectsSecurity ProfilesURL FilteringAddor modify a URL Filtering profile.
- SelectCategoriesand defineSite Accessfor the phishing and malicious URL categories.
- Blockusers from accessing sites in these categories altogether, or instead, allow access but generate anAlertwhen users access sites in these categories, to ensure you have visibility into such events.
- Apply the new or updated URL Filtering profile, and attach it to a security policy rule to apply the profile settings to allowed traffic:
- SelectandPoliciesSecurityAddor modify a security policy rule.
- SelectActionsand in the Profile Setting section, set theProfile Typeto profiles.
- Attach the new or updatedURL Filteringprofile to the security policy rule.
- ClickOKto save the security policy rule.
- Confirm that the firewall is successfully forwarding samples.
- If you enabled logging of benign files, selectand check that entries are being logged for benign files submitted to WildFire. (If you’d like to disable logging of benign files after confirming that the firewall is connected to WildFire, selectMonitorWildFire Submissionsand clearDeviceSetupWildFireReport Benign Files).
- Other options to allow you to confirm that the firewall forwarded a specific sample, view samples the firewall forwards according to file type, and to view the total number of samples the firewall forwards.
- Investigate WildFire analysis results.
- Find WildFire analysis results:
- Use the WildFire API to retrieve sample verdicts and reports from a WildFire appliance.
- Assess the risk of malware you find on your network with the AutoFocus threat intelligence portal. AutoFocus layers data from global WildFire submissions with statistics to identify pervasive and targeted malware, both on your network, within our industry, and globally.
- Next step:
Recommended For You
Recommended videos not found.