01-30-2012 08:12 AM
We have had WildFire turned on for almost a week. In the Data Filtering logs, it has "forwarded" numerous "PE" files and only 1 "PE" file was logged as "wildfire-upload-success". That 1 file happened to be coming through the interfaces that are set to Virtual Wire. All of the other files that say "Forward" are coming through "Tap" mode.
1) Can Palo Alto send files to WildFire if it's seeing the file traverse the network via Tap mode?
2) What exactly is the difference between the actions "Forward" and "wildfire-upload-success"?
01-30-2012 12:11 PM
Yes, there is no difference in WildFire behavior in tap mode vs. inline, other than the fact that in tap, you can't later use signatures generated by WildFire to block future instances of the malware, because you're not inline.
The wildfire-upload-success means the file was actually uploaded to the cloud because the cloud had not seen the file before, and it wasn't signed by a trusted signer. In this case, the file is uploaded to be analyzed. A "forward" action simply means that the WildFire action was taken for the file, but didn't result in an actual file upload (because it was a trusted file, or WildFire has already seen the file).
07-20-2012 03:01 AM
Hello,
My Palo Alto is configured in two modes: Layer 3 and TAP.
I turn WildFire on.
The feature is working in Layer 3 mode (two net interfaces - one IN, the other OUT) but not in TAP mode (one dedicated net interface).
I use the same File blocking profile for the two policies.
Can you confirm WildFire is working the same way in Layer 3 and TAP mode?
Thanks for your answer.
07-20-2012 05:59 AM
Yes, WildFire works the same in L3 and tap mode. I'm not sure why your setup isn't working only in tap mode.