>
    Strata Copilot
    Configure WildFire Protection
    Focus
    Download PDF
    Focus
    1. Home
    2. Cloud NGFW for Azure Administration
    3. Protect Traffic with Cloud NGFW for Azure
    4. Panorama Policy Management
    5. Configure WildFire Protection
    Download PDF
    Cloud NGFW for Azure

    Configure WildFire Protection

    Table of Contents

    Configure WildFire Protection

    Learn how to configure a WildFire Analysis profile on Panorama to detect and forward threats to WildFire.
    Where Can I Use This?What Do I Need?
    • Cloud NGFW for Azure
    • Cloud NGFW subscription
    • Palo Alto Networks Customer Support Portal account
    • Azure Marketplace subscription
    To configure WildFire on your Cloud NGFW Azure resource using Panorama, you will need to:

    Configure a WildFire Profile

    CNGFW for Azure offers two levels of protection: Standard WildFire and Advanced WildFire (Precision AI-powered inline blocking). Use the steps below to configure either profile type:
    1. Create the profile.
      1. Log in to Panorama and navigate to Objects > WildFire Analysis.
      2. Select the correct Device Group from the drop-down.
      3. Click Add and enter a unique Name for the profile.
    2. Configure Inline Analysis (Applicable for enabling Advanced WildFire Profile).
      If you are licensed for Advanced WildFire and wish to block zero-day malware in real-time:
      1. Go to the Inline Cloud Analysis tab.
      2. Select the Enable Cloud Inline Analysis checkbox.
      Enabling this service will appear as a separate add-on in your CNGFW for Azure billing metrics at 30% of the base firewall credit cost.
    3. Define Analysis Rules.
      Click Add within the profile window to create specific rules.
      • Name: Enter a descriptive name for the rule.
      • Applications: Click Add to select specific applications (or "any") to monitor.
      • File Types: Select the specific file formats you wish to analyze.
      • Direction: Choose upload, download, or both.
      • Analysis Destination:
        Public Cloud: Forwards traffic to the WildFire public cloud.
        Private Cloud: Forwards traffic to a local WildFire appliance.
    4. Finalize and deploy.
      1. Click OK to save the profile.
      2. Commit the changes to Panorama.
      3. Push the configuration to your managed devices.

    Define Security Rules

    1. Log in to Panorama, and click policy rules.
    2. Choose the required Device Group and click the preconfigured security rule (pre-rule or post-rule) or create a new rule.
    3. Click Actions.
    4. In the profile setting, select Profiles under the profile type.
    5. Select the WildFire profile you wish to choose in the WildFire Analysis drop-down.
    6. Click OK.
    Commit and push the device group to the Cloud NGFW resources.
    For more information, see Latest WildFire Cloud Features.

    View WildFire Submission Logs

    You can view WildFire submission logs in:
    1. View logs in Azure
    2. View logs in Panorma

    View Logs in Azure

    After you create the Log Analytics Workspace, update the log settings under the firewall and start sending the traffic. Once the traffic is sent, you can view the logs as described in the steps below:
    1. Click the Log Analytics Workspace for which you need to view the logs.
    2. Click Logs.
    3. Click Custom Logs in the query window and Run a query you have created.
      You can create a customized query with parameters such as number of logs, time range and so on. For example - A simple Query 
      
							fluentbit_CL
							| limit 10
    4. Click the desired query result item for which you would want to view the detailed logs.

    View Logs in Panorama

    On Panorama, you can view the logs on the device group using Monitor > Threats.

    © 2026 Palo Alto Networks, Inc. All rights reserved.