Palo Alto Networks Knowledgebase: DotW: Free WildFire

DotW: Free WildFire

Created On 09/25/18 19:05 PM - Last Updated 09/25/18 23:11 PM
Categories:  WildFire

Issue:


Solution:



 

In our Discussion of the Week, user 'jprovine' inquired about the availability of a free version of WildFire and why the registration test was failing.

 


 

WildFire can be enabled free of charge and doesn't require a license to be activated. It comes with the device 'as is.'

Two limitations apply:

  • WildFire supports uploading only Portable Executable (PE) files. The PE file type is a container that includes .exe, .dll, .scr, and other extensions that match the PE header magic number.
  • Signatures aren't available through the licensed WildFire signature feed but rather through licensed Threat Prevention updates.
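
To illustrate the first limitation, here is an added example (not part of the original article, and not PAN-OS's or WildFire's own file identification) that classifies a file as PE from its `MZ` magic and `PE\0\0` signature rather than from its extension. The file names and byte strings are constructed samples.

```python
import struct

MZ_MAGIC = b"MZ"              # DOS header magic at offset 0
PE_SIGNATURE = b"PE\x00\x00"  # found at the offset stored in e_lfanew
IMAGE_FILE_DLL = 0x2000       # COFF Characteristics flag for a DLL


def classify_pe(data: bytes) -> str:
    """Return 'pe-exe', 'pe-dll' or 'not-pe' from header bytes, ignoring the name."""
    # The DOS header is 64 bytes; e_lfanew at 0x3C points to the PE signature.
    if len(data) < 0x40 or data[:2] != MZ_MAGIC:
        return "not-pe"
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    # Signature (4 bytes) plus COFF file header (20 bytes) must fit in the file.
    if e_lfanew + 24 > len(data) or data[e_lfanew:e_lfanew + 4] != PE_SIGNATURE:
        return "not-pe"
    # Characteristics is the last 2-byte field of the COFF file header.
    (flags,) = struct.unpack_from("<H", data, e_lfanew + 4 + 18)
    return "pe-dll" if flags & IMAGE_FILE_DLL else "pe-exe"


def build_header(flags: int, e_lfanew: int = 0x80) -> bytes:
    """Constructed minimal DOS + PE header for the demo (not a runnable program)."""
    dos = bytearray(e_lfanew)
    dos[:2] = MZ_MAGIC
    struct.pack_into("<I", dos, 0x3C, e_lfanew)
    coff = struct.pack("<HHIIIHH", 0x8664, 1, 0, 0, 0, 0xF0, flags)
    return bytes(dos) + PE_SIGNATURE + coff


# Constructed samples: names are deliberately misleading in both directions.
SAMPLES = {
    "screensaver.scr": build_header(0x0002),
    "invoice.pdf": build_header(0x0002),           # PE content, document name
    "helper.dat": build_header(0x2002),            # DLL flag set
    "notes.exe": b"plain text, not a program\n" * 4,
    "old_dos.exe": MZ_MAGIC + bytes(0x3E),         # MZ magic but no PE header
    "truncated.exe": build_header(0x0002)[:0x82],  # cut off inside the signature
}


def triage(samples: dict) -> dict:
    """Map each file name to its header-based classification."""
    return {name: classify_pe(data) for name, data in samples.items()}


if __name__ == "__main__":
    for name, kind in triage(SAMPLES).items():
        print(f"{name:16} {kind}")
```
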

Because there is no WildFire license, the connection to the registration server fails: that server is used to provide the optimal servers for the WildFire signature feed, which is unavailable without a valid WildFire license.

 

To enable free use of WildFire, you'll need to create a file blocking profile in PAN-OS 5.* and 6.*, or a WildFire Analysis profile in PAN-OS 7 that sets the PE file type to action 'forward' or 'public-cloud' (the option 'private-cloud' is usable only with the purchase of a WildFire appliance).

 


 

After creating the profile, add it to the appropriate security policies:

 


 

Commit the configuration changes. WildFire is now enabled and you should start seeing reports in the WildFire submissions log.

 

Download a test file through http://wildfire.paloaltonetworks.com/publicapi/test/pe or https://wildfire.paloaltonetworks.com/publicapi/test/pe. Please be aware that the latter is an SSL link, so SSL decryption is required to intercept this file.

 

To view the discussion, please refer to the following link: Free wildfire

 

All comments or suggestions are encouraged.

 

Thanks for reading!

 

Tom Piens
