06-11-2013 07:12 AM
Hello all
I have been creating an antivirus profile with the alert action for all decoders, for the antivirus action and the WildFire action.
But I tried to obtain some logs in the WildFire log entries. Maybe I didn't request the right file on the web?
How could I proceed to populate the WildFire log entries?
Thank you very much
06-11-2013 07:47 AM
Hi,
Just a quick question, have you downloaded the license key for wildfire subscription on the device (request license info) ?
You would be looking for: License entry: Feature: WildFire License
The wildfire log (on the Monitor tab on firewall) will populate only if the subscription is activated.
06-11-2013 07:56 AM
Yes, sure, the WildFire licence is OK and the Palo is an NFR appliance with a valid licence.
Thanks
06-11-2013 08:09 AM
Do you have a file blocking profile with action 'forward' or 'forward-continue'? This will allow the device to forward files to the WF cloud if the hash was not seen by the cloud to analyze the files for malicious activity.
Please read this article for more information on configuring and testing wildfire.
Reference article: https://live.paloaltonetworks.com/docs/DOC-3252
Thanks,
Aditi
06-11-2013 09:06 AM
Thanks for your answers.
Yes, I have got a blocking profile with action 'forward' configured.
When I tried the registration test command:
test wildfire registration
This test may take a few minutes to finish. Do you want to continue? (y or n)
Test wildfire
wildfire registration: failed
and when I tried this command to check the status:
show wildfire status
Connection info:
Wildfire cloud: default cloud
Status: Idle
Best server:
Device registered: no
Valid wildfire license: yes
Service route IP address: 192.168.1.XX
Signature verification: enable
Server selection: enable
Through a proxy: no
I checked the licence:
request license info
License entry:
Feature: WildFire License
Description: WildFire signature feed, integrated WildFire logs, WildFire API
Serial: 00160XXXXXX
Issued: May 28, 2013
Expires: March 19, 2014
Expired?: no
To summarize: the licence for WildFire is OK but the registration to the cloud failed.
Have you got an idea?
Thanks
06-11-2013 09:32 AM
Make sure the mgmt interface has connectivity to internet. This indicates the device is unable to register/communicate with the WF cloud. You can try configuring a service route for Wildfire traffic to use a DP port and test as well.
Thanks,
Aditi
06-11-2013 10:57 AM
DNS issue?
Which DNS server is used by your Palo? Internal with forwarding? External?
V.
06-12-2013 04:50 AM
Hi
I made the verification about DNS and I could resolve with the management interface:
ping source 192.168.1.250 host www.google.com
It works fine, but I tried something like
ping source 192.168.1.250 host wildfire.paloaltonetworks.com
PING wildfire.paloaltonetworks.com (54.241.16.153) from 192.168.1.250 : 56(84) bytes of data.
^C
--- wildfire.paloaltonetworks.com ping statistics ---
29 packets transmitted, 0 received, 100% packet loss, time 28044ms
You are right, something is wrong in my DNS resolution. I will look for why.
Thanks
06-12-2013 06:10 AM
You cannot ping wildfire.paloaltonetworks.com. That is normal.
Also, 54.241.16.153 is the correct IP.
06-12-2013 06:13 AM
You better check Re: Wildfire not showing any files.
06-12-2013 08:44 AM
After checking Re: Wildfire not showing any files.
and investigating my DNS and WildFire:
the DNS is OK
the WildFire license is OK
When I tried the test registration wildfire command, the result stays at failed,
and when I tried this command:
show wildfire status
Connection info:
Wildfire cloud: default cloud
Status: Registering
Device registered: no
Valid wildfire license: yes
But most of the time the status is idle with this command,
and I saw traffic to ca-s1.wildfire.paloaltonetworks.com or va-s1.wildfire.paloaltonetworks.com in the traffic log with the allow action.
How could I register my device for WildFire?
06-12-2013 10:07 AM
Can you log in to wildfire.paloaltonetworks.com?
Do you see your device there?
06-12-2013 11:36 PM
Yes, I can see my device in the source list in the report tab of wildfire.paloaltonetworks.com,
but if I select my serial as a source, no data is returned; this Palo never sent a file to WildFire.
I don't understand why I see my device in the WildFire cloud as registered, but when I check the status of my device the status is not registered.
Another piece of information: I've got almost 50 devices registered on the WildFire cloud.
Maybe there is a limit on registered devices?
06-12-2013 11:43 PM
OK,
try to download that malware link I sent you in private.
It should give us a log on WildFire.
06-13-2013 06:39 AM
OK, it's done, I downloaded it.
The result is in the data filtering log: 2 actions, one forward and one alert,
each time I download your file.
After that I configured the block action instead of alert in the antivirus profile, and when I tried to download again the file was blocked.
But I never had a WildFire log entry.
Finally:
the protection works, the WildFire update works,
but sending files to the WildFire cloud doesn't work due to a registration issue.
I will open a case.
Thanks
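
The status check this thread keeps returning to, as an added example that is not part of any post or of Palo Alto Networks tooling: it parses the `show wildfire status` text quoted above and separates a licensing problem from a registration problem. The function names are hypothetical; the field names and the sample are taken from the output posted in the thread, and the hints only restate advice given in the replies.

```python
# Constructed sample: the "show wildfire status" output quoted in the thread.
SAMPLE_STATUS = """\
Connection info:
Wildfire cloud: default cloud
Status: Idle
Best server:
Device registered: no
Valid wildfire license: yes
Service route IP address: 192.168.1.XX
Signature verification: enable
Server selection: enable
Through a proxy: no
"""


def parse_wildfire_status(text):
    """Parse 'Key: value' lines into a dict keyed by lower-cased field name."""
    fields = {}
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if sep and key.strip():
            fields[key.strip().lower()] = value.strip()
    return fields


def diagnose(fields):
    """Return (code, hint) pairs; hints restate advice given in the thread."""
    findings = []
    licensed = fields.get("valid wildfire license", "").lower() == "yes"
    registered = fields.get("device registered", "").lower() == "yes"
    if not licensed:
        findings.append(("license", "check 'request license info' for a "
                         "WildFire License entry"))
    elif not registered:
        route = fields.get("service route ip address", "unknown")
        findings.append(("registration", "license is valid but the device is "
                         "not registered; check internet and DNS reachability "
                         f"from service route address {route}"))
    if "best server" in fields and not fields["best server"]:
        findings.append(("no-best-server", "the output lists no best server"))
    if fields.get("through a proxy", "").lower() == "yes":
        findings.append(("proxy", "traffic to the cloud goes through a proxy"))
    return findings


if __name__ == "__main__":
    for code, hint in diagnose(parse_wildfire_status(SAMPLE_STATUS)):
        print(f"[{code}] {hint}")
```

On the sample it reports a registration finding rather than a license finding, which matches the poster's own summary of the problem.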