Firewall does WildFire Registration even though WildFire is Not Configured on the Firewall

Created On 09/25/18 19:50 PM - Last Modified 07/19/22 23:07 PM


Symptom



Even though the WildFire feature is not configured on the Palo Alto Networks firewall, the firewall automatically registers with the WildFire public cloud when passive DNS monitoring is enabled in the Anti-Spyware profile.

Diagnosis

Passive DNS is an opt-in feature that enables the firewall to act as a passive DNS sensor and send selected DNS information to Palo Alto Networks for analysis in order to improve threat intelligence and threat prevention capabilities.

 

For more information about the Passive DNS monitoring feature, refer to the following document:

 

https://www.paloaltonetworks.com/documentation/61/pan-os/pan-os/threat-prevention/enable-passive-dns-collection-for-improved-threat-intelligence.html

 

The firewall uses the WildFire public cloud to send the selected DNS information to Palo Alto Networks. As a result, enabling the Passive DNS monitoring feature causes the firewall to register with the WildFire public cloud automatically, even though WildFire itself is not configured on the firewall.



Resolution


To opt out of this feature, or to avoid WildFire public cloud registration, the user must disable passive DNS monitoring in the Anti-Spyware profile.

 

Follow the steps below to disable Passive DNS monitoring:

 

From GUI

 

Go to Objects >> Security Profiles >> Anti-Spyware >> select the appropriate Anti-Spyware profile >> uncheck "Enable Passive DNS Monitoring".

 


 

From CLI

 

> configure
Entering configuration mode

# set profiles spyware "Anti-Spyware profile name" botnet-domains passive-dns no

# commit
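
To find which Anti-Spyware profiles have the setting enabled before applying the change, the following added example (not part of the original article and not Palo Alto Networks code) scans set-format configuration text and builds the disable command shown above for each match. The sample lines are constructed, and the function names, the optional scope prefix (such as "vsys vsys1") and the assumption that exported lines have the same shape as the article's command are all assumptions.

```python
import shlex

# Constructed sample of set-format configuration lines (not from a real device).
# Assumption: lines have the same shape as the command shown in this article,
# optionally preceded by a scope such as "shared" or "vsys vsys1".
SAMPLE_CONFIG = '''\
set profiles spyware strict botnet-domains passive-dns yes
set profiles spyware "Branch Office AS" botnet-domains passive-dns yes
set vsys vsys1 profiles spyware lab botnet-domains passive-dns no
set profiles spyware strict botnet-domains packet-capture disable
set deviceconfig system hostname fw-example
'''

def passive_dns_settings(config_text):
    """Return {(scope, profile): bool} for every explicit passive-dns setting."""
    found = {}
    for line in config_text.splitlines():
        try:
            tokens = shlex.split(line)  # keeps quoted profile names intact
        except ValueError:
            continue  # unbalanced quotes: not a line we can interpret
        if not tokens or tokens[0] != "set" or "profiles" not in tokens:
            continue
        i = tokens.index("profiles")
        tail = tokens[i + 1:]
        # Expect exactly: spyware <name> botnet-domains passive-dns <yes|no>
        if len(tail) != 5 or tail[0] != "spyware":
            continue
        if tail[2:4] != ["botnet-domains", "passive-dns"] or tail[4] not in ("yes", "no"):
            continue
        scope = " ".join(tokens[1:i])  # "" when no scope prefix is present
        found[(scope, tail[1])] = tail[4] == "yes"
    return found

def remediation_commands(config_text):
    """Build the article's disable command for each profile that has it enabled."""
    cmds = []
    for (scope, name), enabled in sorted(passive_dns_settings(config_text).items()):
        if enabled:
            prefix = f"set {scope} " if scope else "set "
            cmds.append(f'{prefix}profiles spyware "{name}" botnet-domains passive-dns no')
    return cmds

if __name__ == "__main__":
    for cmd in remediation_commands(SAMPLE_CONFIG):
        print(cmd)
```

Only profiles with an explicit passive-dns line are reported; the generated commands still have to be entered in configuration mode and committed as in the steps above.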

 

 


