Free wildfire


L4 Transporter

I thought there was a limited version of WildFire that you could use for PE files. But it isn't working; I do a test registration and it fails. Is there something that is missing in the instructions that I have?

 

https://live.paloaltonetworks.com/t5/Articles/Wildfire-Configuration-Testing-and-Monitoring/ta-p/577...

52 REPLIES

According to TAC you configure it the same way that you do the licensed version but you don't add the license. The catch is that there are only certain types of files that it will do, and PE files are one of them.

Trying to test my file block profile using this link

https://live.paloaltonetworks.com/t5/Management-Articles/How-to-Test-WildFire-with-a-Fake-Malicious-...

I created a file blocking profile for PE files set to continue and forward. I went to the link and ran the fake file and nothing happened. There is nothing in the wildfire submission, data filtering or threat logs under the monitoring tab. Any suggestions?

Do you have ssl decryption enabled? I would try the non-ssl version of the test PE file.

 

wildfire.paloaltonetworks.com/publicapi/test/pe

 

I hope that is what you are asking about.

Hello Steve,

The 'limited' version is configured the same, you just don't perform the dynamic updates since you don't have the license. I hope that was what you were asking about.

 

Regards,

That is the link that I went to to test the WildFire, but I was not given an option of non-encrypted.

Didn't you say you were using the limited version as well? Did you have to select the benign file setting?

Hi

 

The benign setting allows for more reporting as this will also generate logs for any files that were uploaded and diagnosed as benign, but is not a necessary setting to enable the unlicensed version of WildFire.

It may come in handy when setting up WildFire for the first time to generate reports sooner, as waiting around for a malicious file can take a while.

 

 

regards

Tom

Tom Piens
PANgurus

I have it all configured and I opened the WildFire test file on a test PC and nothing is showing up in the PA WildFire submissions or data filtering logs, so I don't know if it's really working.

Hi!

 

Did you make sure to enable ssl decryption, and is this reflected in the session details: 

[Image: 2015-09-09_16-54-07.png]

 

you may need to allow the management interface of your device access out to the internet or fine-tune any service routes you have set to allow the management plane to upload files to the cloud

 

here's a couple of commands you can use to verify everything is functioning as expected:

 

 

show wildfire status
show wildfire statistics
show wildfire cloud-info

 

regards

Tom

 

Tom Piens
PANgurus

Doesn't it require a license to do decryption? Here are the results of running the commands you suggested-

 

Show wildfire status

 

Connection info:
  Wildfire cloud:                public cloud
  Status:                        Idle
  Best server:                   us-east-1.wildfire.paloaltonetworks.com
  Device registered:             yes
  Valid wildfire license:        no
  Service route IP address:      136.176.190.223
  Signature verification:        enable
  Server selection:              enable
  Through a proxy:               no

File size limit info:
  pe                                           2 MB
  apk                                         10 MB
  pdf                                        200 KB
  ms-office                                  500 KB
  jar                                          1 MB
  flash                                        5 MB

Forwarding info:
  file idle time out (second):                          90
  total file forwarded:                                  0
  file forwarded in last minute:                         0
  concurrent files:                                      0

 

show wildfire statistics

 

Packet based counters:
Total files received from DP: 0
Counters for file cancellation:
Counters for file forwarding:
        file type: apk
        file type: pdf
        file type: email-link
        file type: ms-office
        file type: pe
        file type: flash
        file type: jar
        file type: unknown
        file type: pdns
Error counters:
Reset counters:
        DP receiver reset cnt:                     113
        File cache reset cnt:                        5
        Service connection reset cnt:                7
        Log cache reset cnt:                         1
        Report cache reset cnt:                      1

Resource meters:
        data_buf_meter                               0%
        msg_buf_meter                                0%
        ctrl_msg_buf_meter                           0%

File forwarding queues:
        priority: 1,  size: 0
        priority: 2,  size: 0
        priority: 3,  size: 0

 

show wildfire cloud-info

 

Cloud info:
  Cloud server type:             wildfire cloud
  Supported file types:
                                 jar
                                 flash
                                 ms-office
                                 pe
                                 pdf
                                 apk
                                 email-link
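
A triage of the counters posted above, as an added example that is not part of the original thread and not Palo Alto Networks code. It parses the `label: value` lines of the `show wildfire status` and `show wildfire statistics` output and separates "nothing reached WildFire from the firewall's traffic path" from "files arrived but were not uploaded"; reading "DP" as the dataplane is an assumption, and the function names and finding codes are hypothetical.

```python
import re

# Constructed sample: abridged from the CLI output posted in the thread.
SAMPLE = """\
Connection info:
  Wildfire cloud:                public cloud
  Status:                        Idle
  Device registered:             yes
  Valid wildfire license:        no
Forwarding info:
  total file forwarded:                                  0
Packet based counters:
Total files received from DP: 0
Reset counters:
        Service connection reset cnt:                7
"""

def parse_fields(text):
    """Return {lowercased label: value} for each 'label: value' line.
    Section headers such as 'Connection info:' carry no value and are skipped."""
    fields = {}
    for line in text.splitlines():
        m = re.match(r"\s*([^:]+):\s+(\S.*?)\s*$", line)
        if m:
            fields[m.group(1).strip().lower()] = m.group(2)
    return fields

def diagnose(text):
    """Return (code, advice) pairs; codes are hypothetical labels for this example."""
    f = parse_fields(text)
    findings = []
    if f.get("device registered") != "yes":
        findings.append(("unregistered",
            "check service routes and management-plane access to the cloud"))
    if f.get("valid wildfire license") == "no":
        findings.append(("unlicensed",
            "expected for the limited version; PE forwarding is still supported"))
    from_dp = int(f.get("total files received from dp", "0"))   # assumed: DP = dataplane
    forwarded = int(f.get("total file forwarded", "0"))
    if from_dp == 0:
        findings.append(("nothing-from-dataplane",
            "no file was handed over: check that the test download matched the rule "
            "with the forwarding profile, and whether HTTPS was decrypted"))
    elif forwarded == 0:
        findings.append(("received-not-forwarded",
            "files arrived but none were uploaded: check cloud connectivity"))
    return findings

if __name__ == "__main__":
    for code, advice in diagnose(SAMPLE):
        print(f"{code}: {advice}")
```
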

 

 

 

 

 
