Device > Setup > WildFire
Select Device > Setup > WildFire to configure WildFire settings on the firewall and Panorama. You can enable both the WildFire cloud and a WildFire appliance to perform file analysis. You can also set file size limits and choose the session information that is reported. After populating WildFire settings, you can specify which files to forward to the WildFire cloud or the WildFire appliance by creating a WildFire Analysis profile (Objects > Security Profiles > WildFire Analysis).
To forward decrypted content to WildFire, refer to Forward Decrypted SSL Traffic for WildFire Analysis.
WildFire Settings | Description |
---|---|
General Settings | |
WildFire Public Cloud | Enter wildfire.paloaltonetworks.com to send files to the WildFire global cloud (U.S.), hosted in the United States, for analysis. Alternatively, you can send files to a WildFire regional cloud for analysis. Regional clouds are designed to adhere to the data privacy expectations you might have depending on your location. Forward samples to a regional WildFire cloud to ensure adherence to the data privacy and compliance standards specific to your region. Regional clouds are: |
WildFire Private Cloud | Specify the IPv4/IPv6 address or FQDN of the WildFire appliance. The firewall sends files for analysis to the specified WildFire appliance. Panorama collects threat IDs from the WildFire appliance to enable the addition of threat exceptions in Anti-Spyware profiles (for DNS signatures only) and Antivirus profiles that you configure in device groups. Panorama also collects information from the WildFire appliance to populate fields that are missing in the WildFire Submissions logs received from firewalls running software versions earlier than PAN-OS 7.0. |
File Size Limits | Specify the maximum file size that will be forwarded to the WildFire server. For every best practice file size limit, if the limit is too large and prevents the firewall from forwarding multiple large zero-day files at the same time, lower and tune the maximum limit based on the amount of available firewall buffer space. If more buffer space is available, you can increase the file size limit above the best practice recommendation. The best practice recommendations are a good starting place for setting effective limits that don't overtax firewall resources. Available ranges are: The preceding values might differ based on the current version of PAN-OS or the content release. To see valid ranges, click in the Size Limit field; a pop-up displays the available range and default value. |
Report Benign Files | When this option is enabled (disabled by default), files analyzed by WildFire that are determined to be benign will appear in the Monitor > WildFire Submissions log. Even if this option is enabled on the firewall, email links that WildFire deems benign will not be logged because of the potential quantity of links processed. |
Report Grayware Files | When this option is enabled (disabled by default), files analyzed by WildFire that are determined to be grayware will appear in the Monitor > WildFire Submissions log. Even if this option is enabled on the firewall, email links that WildFire determines to be grayware will not be logged because of the potential quantity of links processed. Enable reporting grayware files to log session information, network activity, host activity, and other information that helps with analytics. |
Session Information Settings | |
Settings | Specify the information to be forwarded to the WildFire server. By default, all are selected and the best practice is to forward all session information to provide statistics and other metrics that enable you to take actions to prevent threat events: |
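
The following is an added example, not part of the PAN-OS documentation: a Python check of an exported configuration against the recommendations in the table above (a WildFire cloud or appliance is set, grayware reporting is enabled, all session information is forwarded). The XML element names and the sample fragment are assumptions constructed for illustration; adjust them to match your own export.

```python
import xml.etree.ElementTree as ET

# Constructed sample of an exported configuration fragment. The element names
# are assumptions about the export layout, not taken from the page.
SAMPLE_CONFIG = """
<config><devices><entry name="localhost.localdomain"><deviceconfig><setting>
  <wildfire>
    <public-cloud-server>wildfire.paloaltonetworks.com</public-cloud-server>
    <report-benign-file>no</report-benign-file>
    <report-grayware-file>no</report-grayware-file>
    <session-info-select>
      <exclude-src-ip>yes</exclude-src-ip>
      <exclude-username>no</exclude-username>
    </session-info-select>
  </wildfire>
</setting></deviceconfig></entry></devices></config>
"""


def audit_wildfire(xml_text):
    """Return a list of findings for the WildFire settings in xml_text."""
    root = ET.fromstring(xml_text)
    wf = root.find(".//deviceconfig/setting/wildfire")
    if wf is None:
        return ["no WildFire settings found"]
    findings = []
    public = (wf.findtext("public-cloud-server") or "").strip()
    private = (wf.findtext("private-cloud-server") or "").strip()
    if not public and not private:
        findings.append("no WildFire public cloud or private cloud configured")
    # Reporting is disabled by default, so an absent element counts as "no".
    if (wf.findtext("report-grayware-file") or "no").strip() != "yes":
        findings.append("Report Grayware Files is disabled")
    # Best practice is to forward all session information: flag every exclusion.
    sel = wf.find("session-info-select")
    for child in (sel if sel is not None else []):
        if child.tag.startswith("exclude-") and (child.text or "").strip() == "yes":
            findings.append("session information withheld: " + child.tag[len("exclude-"):])
    return findings


if __name__ == "__main__":
    for finding in audit_wildfire(SAMPLE_CONFIG):
        print("FINDING:", finding)
```

Report Benign Files is deliberately not flagged, because the table describes it only as an optional logging setting.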