https://live.paloaltonetworks.com/t5/general-topics/wild-fire-internet-access-physical-setup/m-p/540643#M110880 <P>Hello,</P> <P>You should follow best practices and have the devices management interfaces protected. As for the 'Special' interfaces for the sandbox traffic, that should be unfiltered. This can be done from behind a Palo Alto, such as virtual wire, for outbound only traffic, etc. This way the appliance can reach out to bad URL's and get additional information on malware and other attribution, etc.</P> <P>&nbsp;</P> <P>Regards,</P> Mon, 01 May 2023 18:22:44 GMT OtakarKlier 2023-05-01T18:22:44Z https://live.paloaltonetworks.com/t5/general-topics/wild-fire-internet-access-physical-setup/m-p/540550#M110861 <P>Physical Appliance require a direct internet access or dirty link ?&nbsp;</P> Sun, 30 Apr 2023 09:44:53 GMT https://live.paloaltonetworks.com/t5/general-topics/wild-fire-internet-access-physical-setup/m-p/540550#M110861 ABE-Security 2023-04-30T09:44:53Z https://live.paloaltonetworks.com/t5/general-topics/wild-fire-internet-access-physical-setup/m-p/540643#M110880 <P>Hello,</P> <P>You should follow best practices and have the devices management interfaces protected. As for the 'Special' interfaces for the sandbox traffic, that should be unfiltered. This can be done from behind a Palo Alto, such as virtual wire, for outbound only traffic, etc. This way the appliance can reach out to bad URL's and get additional information on malware and other attribution, etc.</P> <P>&nbsp;</P> <P>Regards,</P> Mon, 01 May 2023 18:22:44 GMT https://live.paloaltonetworks.com/t5/general-topics/wild-fire-internet-access-physical-setup/m-p/540643#M110880 OtakarKlier 2023-05-01T18:22:44Z