Free wildfire


L4 Transporter

I thought there was a limited version of wildfire that you could use for PE files. But it isn't working; I do a test registration and it fails. Is there something that is missing in the instructions that I have?

 

https://live.paloaltonetworks.com/t5/Articles/Wildfire-Configuration-Testing-and-Monitoring/ta-p/577...

52 REPLIES 52

Cyber Elite

Make sure you have a valid and up to date Threat Prevention license and definitions.

I do. I have a subscription for three years.

If it's failing, then I would recommend you contact support. Such as in my case, it was something they had to do but was not documented on the support portal and I can't recall the solution.

L4 Transporter

This is not resolved. Why is it marked as resolved?

Hi Jprovine,

 

The answer is simple: you won't be able to configure Wildfire service without having a license for it. You can stop trying, it won't work, and TAC can't help with that. Wildfire service is a sandbox that proactively runs your code in the virtual machine before it is delivered to your end-user; that is a licensed service and you will not be able to fully use it until you purchase a license.

 

Here is the Wildfire admin guide: https://live.paloaltonetworks.com/t5/Articles/WildFire-Administrator-s-Guide-6-1-English/ta-p/54977

On page 4, there is a flowchart; I recommend opening and reading it. You were told in the other thread that you will benefit from Wildfire even if you don't have the license, but it did not catch your eye how. The thing is, PAN analyses Wildfire reports from all customers that participate in the cloud or that allow forwarding from their appliances; any and all malware caught in the previous period will be included in the next AV update. Those are updated frequently and will be delivered to your device on a daily basis, meaning that you will not be more than 24 hours late to benefit from the Wildfire service indirectly.

At the bottom right end of the said flowchart, you see what happens for users who are licensed for Wildfire: their findings end up in signatures shared with everyone else. You are benefiting in the first step, but without a license you are not participating in the rest of the flowchart.

 

So you are already having all the free benefits you can have, provided that you are updating AV on a regular basis and, of course, if you are using AV profiles in the security policies.


Hope this clarifies your question.

 

Regards

 

Luciano

Wow the tone of this response is unbelievable.

Hi,

 

If you want to test all Wildfire features, you should have a test license (1 month) on your paloalto portal (where you registered your device).

 

Hope this helps.

 

V.

TAC just showed me how to configure the limited version of wildfire.

Is the procedure documented somewhere for the limited version?

Steve Puluka BSEET - IP Architect - DQE Communications (Metro Ethernet/ISP)
ACE PanOS 6; ACE PanOS 7; ASE 3.0; PSE 7.0 Foundations & Associate in Platform; Cyber Security; Data Center

According to TAC, you configure it the same way that you do the licensed version but you don't add the license. The catch is that there are only certain types of files that it will do, and PE files are one of them.

Trying to test my file block profile using this link:

https://live.paloaltonetworks.com/t5/Management-Articles/How-to-Test-WildFire-with-a-Fake-Malicious-...

I created a file blocking profile for PE files set to continue and forward. I went to the link and ran the fake file and nothing happened. There is nothing in the wildfire submission, data filtering or threat logs under the monitoring tab. Any suggestions?

Do you have SSL decryption enabled? I would try the non-SSL version of the test PE file.

 

wildfire.paloaltonetworks.com/publicapi/test/pe

 

I hope that is what you are asking about.

Hello Steve,

The 'limited' version is configured the same; you just don't perform the dynamic updates since you don't have the license. I hope that was what you were asking about.

 

Regards,

That is the link that I went to to test the wildfire, but I was not given an option of non-encrypted.
