In our Discussion of the Week, user 'jprovine' inquired about the availability of a free version of WildFire and why the registration test was failing.
WildFire can be enabled free of charge and doesn't require a license to be activated. It comes with the device 'as is.'
Two limitations apply:
- WildFire supports only uploading of Portable Executable, or PE, files. The PE filetype is a container that includes .exe, .dll, .scr, and other extentions that match the PE header magic number.
- Signature isn't available through the licensed WildFire signature feed but rather through licensed Threat Prevention updates.
As there is no WildFire license, the connection to the registration server fails as it is used to provide the optimal servers for the WildFire signature feed, which is unavailable without a valid WildFire license.
To enable free use of WildFire, you'll need to create a file blocking profile in PAN-OS 5.* and 6.*, or a WildFire Analysis profile in PAN-OS 7 that sets the PE file type to action 'forward' or 'public-cloud' (the option 'private-cloud' is usable only with the purchase of a WildFire appliance).
After creating the profile, add it to the appropriate security policies:
Commit the configuration changes. WildFire is now enabled and you should start seeing reports in the WildFire submissions log.
Download a test file through http://wildfire.paloaltonetworks.com/publicapi/test/pe or
https://wildfire.paloaltonetworks.com/publicapi/test/pe. Please be aware the latter is an SSL link and SSL decryption is required to intercept this file.
To view the discussion, please refer to the following link: Free wildfire
All comments or suggestions are encouraged.
Thanks for reading!
Tom Piens