Free wildfire

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Free wildfire

L4 Transporter

I thought there was a limited version of wildfire that you could use for PE files. But it isn't working, I do a test registration and it fails. Is there something that is missing in the instruction that I have

 

https://live.paloaltonetworks.com/t5/Articles/Wildfire-Configuration-Testing-and-Monitoring/ta-p/577...

52 REPLIES 52

Good point reaper!

I will check this out reaper - I agree good point but it also needs to be included on the limited version of wildfire instructions

Mine is already set to use management interface for all

i've updated both the wildfire config and testing and the Discussion of the Week with some additional pointers 

 

if all your service routes are currently still the default (mgmt) there should already be a rule that allows your dynamic updates and software updates (if not you may consider creating a policy to support all these in one go, or opt for the service routes as mentioned above)

 

a good cli command to figure out which rule would allow your management outbound traffic is :

 

> test security-policy-match source <management-IP> destination 199.167.52.13 protocol 7 destination-port 443

 

the destination ip is from our updates server

 

 

regards

Tom

Tom Piens
PANgurus - Strata specialist; config reviews, policy optimization

In 6.1 and below, wildfire is tied to a "File Blocking" profile. Create a profile that detects any file type for any application and set the action to "forward". This should start sending MD5 hashes to Wildfire. 7.0 has changed things. I am looking for the config guide as I write this.

 

SK

This was my result of that command and that doesn't seem right to me

 

provine@sis-pamgt(active)> test security-policy-match source 136.176.190.223 destination 174.129.224.44 protocol 7 destination-port 443

EMB-QUICKCARD-OUT_0000 {
        from any;
        source 136.176.128.0/18;
        source-region none;
        to [ BUILDINGTECH LEGACYQUICKCARD ];
        destination any;
        destination-region none;
        user any;
        category any;
        application/service  any/any/any/any;
        action allow;
        terminal yes;

that does look a little odd, can you go ahead and add "to <internet zone>" to the test command ?

so it will look something like this:

provine@sis-pamgt(active)> test security-policy-match source 136.176.190.223 destination 174.129.224.44 protocol 7 destination-port 443 to untrust


regards
Tom
Tom Piens
PANgurus - Strata specialist; config reviews, policy optimization

I did as you said and test security-policy-match source 136.176.190.223 destination 174.129.224.44 protocol 7 destination-port 443 outside and still got the same result as in the previous reply

  • 17917 Views
  • 52 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!