WildFire Appliance Interfaces
Focus
Focus
Advanced WildFire Powered by Precision AI™

WildFire Appliance Interfaces

Table of Contents

WildFire Appliance Interfaces

Where Can I Use This?What Do I Need?
  • WildFire Appliance
  • WildFire License
The WF-500 appliances are equipped with four RJ-45 Ethernet ports located at the back of the appliance. These ports are labeled MGT, 1, 2, and 3 and correspond to specific interfaces.
The WildFire appliance has three interfaces:
  • MGT—Receives all files forwarded from the firewalls and returns logs detailing the results back to the firewalls. See Configure the WildFire Appliance.
  • Virtual Machine Interface (VM interface)—Provides network access for the WildFire sandbox systems to enable sample files to communicate with the Internet, which allows WildFire to better analyze the behavior of the sample. When the VM interface is configured, WildFire can observe malicious behaviors that the malware would not normally perform without network access, such as phone-home activity. However, to prevent malware from entering your network from the sandbox, configure the VM interface on an isolated network with an Internet connection. You can also enable the Tor option to hide the public IP address used by your company from malicious sites that are accessed by the sample. For more information on the VM interface, see Set Up the WildFire Appliance VM Interface.
  • Cluster Management Interface—Provides cluster-wide communication among the WildFire appliance nodes that are members of a WildFire appliance cluster. This is a different interface than the MGT interface for firewall operations. You can configure the Ethernet2 interface or the Ethernet3 interface (labeled 2 and 3, respectively) as the cluster management interface.
Obtain the information required to configure network connectivity on the MGT port, the VM interface, and the cluster management interface (WildFire appliance clusters only) from your network administrator (IP address, subnet mask, gateway, hostname, DNS server). All communication between the firewalls and the appliance occurs over the MGT port, including file submissions, WildFire log delivery, and appliance administration. Therefore, ensure that the firewalls have connectivity to the MGT port on the appliance. In addition, the appliance must be able to connect to updates.paloaltonetworks.com to retrieve its operating system software updates.