Free wildfire

I will check this out reaper - I agree good point but it also needs to be included on the limited version of wildfire instructions

Mine is already set to use management interface for all

i've updated both the wildfire config and testing and the Discussion of the Week with some additional pointers 

if all your service routes are currently still the default (mgmt) there should already be a rule that allows your dynamic updates and software updates (if not you may consider creating a policy to support all these in one go, or opt for the service routes as mentioned above)

a good cli command to figure out which rule would allow your management outbound traffic is :

> test security-policy-match source <management-IP> destination 199.167.52.13 protocol 7 destination-port 443

the destination ip is from our updates server

regards

Tom

In 6.1 and below, wildfire is tied to a "File Blocking" profile. Create a profile that detects any file type for any application and set the action to "forward". This should start sending MD5 hashes to Wildfire. 7.0 has changed things. I am looking for the config guide as I write this.

SK

This was my result of that command and that doesn't seem right to me

provine@sis-pamgt(active)> test security-policy-match source 136.176.190.223 destination 174.129.224.44 protocol 7 destination-port 443

EMB-QUICKCARD-OUT_0000 {
        from any;
        source 136.176.128.0/18;
        source-region none;
        to [ BUILDINGTECH LEGACYQUICKCARD ];
        destination any;
        destination-region none;
        user any;
        category any;
        application/service  any/any/any/any;
        action allow;
        terminal yes;

I did as you said and test security-policy-match source 136.176.190.223 destination 174.129.224.44 protocol 7 destination-port 443 outside and still got the same result as in the previous reply