Antivirus Profile - Wildfire Inline ML - best approach to enabling?


L4 Transporter

We currently have the ability to use WildFire Inline ML via the Antivirus Profile settings on our PA-5220s. However, all models currently are set to ACTION = DISABLE. I do NOT know why other than either that is what it defaulted to on a previous upgrade or my predecessor had a reason to leave it off.

What is the best approach to activating this without potentially causing issues with false positives but NOT leaving us more vulnerable while we turn it up?

I assume setting the action to ALERT-ONLY (override more strict actions to alert) would be the option to choose, but I'm concerned that by overriding more strict options it is effectively going to turn OFF scanning/analysis that is already in effect.

I'd appreciate any insight from others with more experience.

Thank you.

Accepted Solutions

Community Team Member

Hi @TonyDeHart,

The Advanced WildFire Inline ML complements your Threat Prevention License with basic WildFire capabilities. Using the WildFire Inline ML will not turn off scanning/analysis in security profiles that are attached to existing security policies.

Consider creating and placing your alert-only WildFire Inline ML enhanced security policies below your existing security policies in select zones where you are able to test and monitor the new capability in your environment.

LIVEcommunity team member
Stay Secure,
Jay
L4 Transporter

Thanks for the suggestion. I'll see where there may be a place that is appropriate, but I can't think offhand right now where there would be a place for it that traffic would ever reach, since anything valid (outside of intrazone) would hit other rules above it. Perhaps I can also place a rule above somewhere with a very limited scope to see how it fares before a wider application.
