09-05-2024 05:22 AM
Hello Friends,
I have configured the paloalto wildfire feature:
- kept the default file settings in Device --> wildfire --> General settings.
checked Report Benign Files, and grayware files too.
- created a wildfire profile that contains any apps, any file type, download direction, public cloud in the Objects --> wildfire analysis.
- in the antivirus profiles used I have enabled "Hold for WildFire Real Time Signature Look Up" with action or all application to reset-both in wildfire signature based action and inline machine learning action too.
- applied the profile on all security roles.
knowing that we have decrypted and non decrypted networks, when I use paloalto test https://docs.paloaltonetworks.com/advanced-wildfire/administration/configure-advanced-wildfire-analy...
in both cases with or without ssl decryption no logs at all in the wildfire submissions.
Software Version 11.1.2-h3
Any help, TIA
09-06-2024 11:27 AM
Within the CLI whats the output of "show wildfire status"? Are you just pointed to the wildfire public cloud? Does your firewalls MGMT interface have internet access and can you ping wildfire.paloaltonetworks.com from your firewalls MGMT interface? And if you look at the traffic logs do you see the app-id "paloalto-wildfire-cloud"?
09-06-2024 08:47 AM
Hello,
If you log into the wildfire cloud do you see items there? Dashboard-WildFire Portal (paloaltonetworks.com)
Are you viewing these logs on the firewall itself or in Panorama? Do you have a log forwarding profile set with Wildfire log type to be sent somewhere?
09-06-2024 09:57 AM
Thank you @Claw4609 for the reply, i have cheched the portal and no files at all previous hour or 24 hours.
I am using the firewall no panorama.
No log forwarding profile for the wildfire logs.
09-06-2024 11:27 AM
Within the CLI whats the output of "show wildfire status"? Are you just pointed to the wildfire public cloud? Does your firewalls MGMT interface have internet access and can you ping wildfire.paloaltonetworks.com from your firewalls MGMT interface? And if you look at the traffic logs do you see the app-id "paloalto-wildfire-cloud"?
09-06-2024 11:57 PM
Thank you @Claw4609 so much.
it was issue of applications allow, as soos as i allowed the paloalto wilfire cloud app, it started working.
thank you again 🙂
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
