Wildfire Action doubt


L4 Transporter

Hello,

We do not have a WildFire license on some of our devices.

Do you know if the WildFire Action (Antivirus Profile) would function without this license?


Regards,

dicu

2 REPLIES

L6 Presenter

Hi COS,

Without a WildFire license you can only send files to the WildFire cloud. In case of a malicious file, the antivirus database will not be updated in 1 hour.

But the antivirus database will be updated the next day with the regular dynamic update.

Regards,

Hardik Shah

L7 Applicator

If you do not have a WildFire subscription, then the WildFire column will never apply to your traffic. These actions apply only when the traffic triggers a WildFire signature and you indicate which action this should take. When the traffic hits a standard AV signature it takes the action listed in the first column. If you don't have WildFire, those signatures are not present and won't be used, so you will never have a trigger event. You may want different actions for WildFire triggers because they are by nature less tested and more prone to false positives that can block legitimate traffic.

From the manual:

You can define different actions for standard antivirus signatures (Action column) and signatures generated by the WildFire system (WildFire Action column). Some environments may have requirements for a longer soak time for antivirus signatures, so this option enables the ability to set different actions for the two antivirus signature types provided by Palo Alto Networks. For example, the standard antivirus signatures go through a longer soak period before being released (24 hours), versus WildFire signatures, which can be generated and released within 15 minutes after a threat is detected. Because of this, you may want to choose the alert action on WildFire signatures instead of blocking.

Steve Puluka BSEET - IP Architect - DQE Communications (Metro Ethernet/ISP)
ACE PanOS 6; ACE PanOS 7; ASE 3.0; PSE 7.0 Foundations & Associate in Platform; Cyber Security; Data Center