Enhanced Security Measures in Place:   To ensure a safer experience, we’ve implemented additional, temporary security measures for all users.

wildfire is not reporting in the wildfire submission

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements

wildfire is not reporting in the wildfire submission

L3 Networker

Hello Friends,

                  I have configured the paloalto wildfire feature:

- kept the default file settings in Device --> wildfire --> General settings.

checked Report Benign Files, and grayware files too.

- created a wildfire profile that contains any apps, any file type, download direction, public cloud in the Objects --> wildfire analysis.

- in the antivirus profiles used I have enabled "Hold for WildFire Real Time Signature Look Up" with action or all application to reset-both in wildfire signature based action and inline machine learning action too.

- applied the profile on all security roles.

knowing that we have decrypted and non decrypted networks, when I use paloalto test https://docs.paloaltonetworks.com/advanced-wildfire/administration/configure-advanced-wildfire-analy...

in both cases with or without ssl decryption no logs at all in the wildfire submissions.

Software Version 11.1.2-h3

Any help, TIA

MR
1 accepted solution

Accepted Solutions

Cyber Elite
Cyber Elite

Within the CLI whats the output of "show wildfire status"? Are you just pointed to the wildfire public cloud? Does your firewalls MGMT interface have internet access and can you ping wildfire.paloaltonetworks.com from your firewalls MGMT interface? And if you look at the traffic logs do you see the app-id "paloalto-wildfire-cloud"?

View solution in original post

4 REPLIES 4

Cyber Elite
Cyber Elite

Hello,

 

If you log into the wildfire cloud do you see items there? Dashboard-WildFire Portal (paloaltonetworks.com)

 

Are you viewing these logs on the firewall itself or in Panorama? Do you have a log forwarding profile set with Wildfire log type to be sent somewhere? 

Thank you @Claw4609 for the reply, i have cheched the portal and no files at all previous hour or 24 hours.

I am using the firewall no panorama.

No log forwarding profile for the wildfire logs.

MR

Cyber Elite
Cyber Elite

Within the CLI whats the output of "show wildfire status"? Are you just pointed to the wildfire public cloud? Does your firewalls MGMT interface have internet access and can you ping wildfire.paloaltonetworks.com from your firewalls MGMT interface? And if you look at the traffic logs do you see the app-id "paloalto-wildfire-cloud"?

Thank you @Claw4609 so much.

it was issue of applications allow, as soos as i allowed the paloalto wilfire cloud app, it started working.

thank you again 🙂

MR
  • 1 accepted solution
  • 720 Views
  • 4 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!