I thought there was a limited version of wildfire that you could use for PE files. But it isn't working, I do a test registration and it fails. Is there something that is missing in the instruction that I have
SSL decryption and quic disabled for chrome browsers enabled our free version of wildfire to work as well, one note was that I couldn't see WildFire entries in the WildFire logs on PAN-OS 5 but I could see it in the web portal(https://wildfire.paloaltonetworks.com/wildfire/reportlist)..after I upgraded to PAN-OS 6 I was able to see the wildfire entries in the firewall log as well.
SSL Decryption is not necessary for a wildfire (free or licensed). It is necessary to analyze files that were downloaded via SSL. To test free Wildfire only you should download a test file from http://wildfire.paloaltonetworks.com/publicapi/test/pe. File will be downloaded in clear text, therefore no SSL decryption is required and you will be able to confirm that your Wildfire configuration is correct.
In that case I would say it is one of the following:
Can you download testfile again via http and then paste details of the session from the traffic log?
I didnt see it posted and we dont have visibility into your settings, however was the 'File Blocking' profile you created for wildfire set to the security poicy you have for clients to browse the web?
I know its a silly question, but if its not added to the security policy the clients use to download files, it wont catch anything. Check the logs to see which policy is being hit when you download the testpe file and make sure that the file blocking profile is applied to it.
I understand that my clients need web access in order to download and run the file. I was able to download and run the file but nothing showed up in the data filter, wildfire submissions or the threat log.
Early on I had the TAC remote in and verify that my configuration was correct, just like the licensed version without the license.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!