Free wildfire


L4 Transporter

I thought there was a limited version of WildFire that you could use for PE files. But it isn't working; I do a test registration and it fails. Is there something that is missing in the instructions that I have?

 

https://live.paloaltonetworks.com/t5/Articles/Wildfire-Configuration-Testing-and-Monitoring/ta-p/577...


SSL decryption and QUIC disabled for Chrome browsers enabled our free version of WildFire to work as well. One note was that I couldn't see WildFire entries in the WildFire logs on PAN-OS 5, but I could see them in the web portal (https://wildfire.paloaltonetworks.com/wildfire/reportlist). After I upgraded to PAN-OS 6 I was able to see the WildFire entries in the firewall log as well.

I am already on OS 6.1, but I do not have decryption enabled because I thought it required a license and I did not know it was necessary for the limited version of WildFire.

SSL decryption is not necessary for WildFire (free or licensed). It is necessary to analyze files that were downloaded via SSL. To test free WildFire only, you should download a test file from http://wildfire.paloaltonetworks.com/publicapi/test/pe. The file will be downloaded in clear text, therefore no SSL decryption is required and you will be able to confirm that your WildFire configuration is correct.

Yes I downloaded the file and nothing happened. I have a ticket in with PA TAC but they just keep blowing me off.

Is wildfire-test-pe-file.exe visible in Data Filtering logs? You should see two entries in that log: Forward and wildfire-upload-success.


Nope, not visible in the monitor\wildfire submission, data filtering or threat log. I have the rule set to continue and forward.

In that case I would say it is one of the following:

  • Your File Blocking profile is configured incorrectly
  • Your File Blocking profile is not applied to the correct security rule
  • You are using SSL

Can you download the test file again via HTTP and then paste details of the session from the traffic log?

This is the link I used, so I am already using the non-encrypted one with HTTP.

 

http://wildfire.paloaltonetworks.com/publicapi/test/

 

I didn't see it posted and we don't have visibility into your settings; however, was the 'File Blocking' profile you created for WildFire set to the security policy you have for clients to browse the web?

 

I know it's a silly question, but if it's not added to the security policy the clients use to download files, it won't catch anything. Check the logs to see which policy is being hit when you download the test PE file and make sure that the file blocking profile is applied to it.

I understand that my clients need web access in order to download and run the file. I was able to download and run the file, but nothing showed up in the data filter, WildFire submissions or the threat log.

Early on I had the TAC remote in and verify that my configuration was correct, just like the licensed version without the license.
