Free wildfire

cancel
Showing results for 
Search instead for 
Did you mean: 

Free wildfire

L4 Transporter

I thought there was a limited version of wildfire that you could use for PE files. But it isn't working, I do a test registration and it fails. Is there something that is missing in the instruction that I have

 

https://live.paloaltonetworks.com/t5/Articles/Wildfire-Configuration-Testing-and-Monitoring/ta-p/577...

52 REPLIES 52

So the security policy doesn't necessarily have to have direct access to the internet. So how do I configure it to -

interface as defined by your services used for the PAN to communicate with the wildfire cloud, need to be allowed to the untrusted (internet) zone.?

 

So in my case, I have the services use the management port. So I have a policy to that allows the management port to get out to the internet for specific applications and URL's.

 

PAN1.JPGPAN2.JPG

 

I hope this makes sense. Feel free to message me privatly if you would like additional info.

 

Regards,

so you created a security policies just for these functions? It seems like you should be able to it without that, that isn't a part of the instruction that TAC provided

If you allow all outbound traffic, then correct you wouldnt need a specific rule. We tighten down our outbound access as well so we have a special policy just for the PAN to reach out to the internet and then we lock down what it can get to, source, destination, applications, etc.

 

However you can search your logs for those particular applications and/or URL's to see if your PAN is reaching out to the cloud.

setting security policies may not always be an option in which case a service route may help solve the issue, by binding the source interface of a specific service to the external dataplane interface instead of the management interface

 

2015-09-21_21-25-20.png

Tom Piens
PANgurus

Good point reaper!

I will check this out reaper - I agree good point but it also needs to be included on the limited version of wildfire instructions

Mine is already set to use management interface for all

i've updated both the wildfire config and testing and the Discussion of the Week with some additional pointers 

 

if all your service routes are currently still the default (mgmt) there should already be a rule that allows your dynamic updates and software updates (if not you may consider creating a policy to support all these in one go, or opt for the service routes as mentioned above)

 

a good cli command to figure out which rule would allow your management outbound traffic is :

 

> test security-policy-match source <management-IP> destination 199.167.52.13 protocol 7 destination-port 443

 

the destination ip is from our updates server

 

 

regards

Tom

Tom Piens
PANgurus

In 6.1 and below, wildfire is tied to a "File Blocking" profile. Create a profile that detects any file type for any application and set the action to "forward". This should start sending MD5 hashes to Wildfire. 7.0 has changed things. I am looking for the config guide as I write this.

 

SK

Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!